Get Started


Web Application Scanning API 


The Web Application Scanning (WAS) API supports scanning and reporting on
web applications for security risks.


Modules supported


WAS


Authentication


Authentication to your Qualys account with valid Qualys credentials is 
required for making Qualys API requests to the Qualys API servers. Learn 
more about authentication to your Qualys account 


Get API Notifications 


We recommend you join our Community and subscribe to our API 
Notifications RSS Feeds for announcements and discussions. 


https://community.qualys.com/community/developer/notifications-api


About Qualys


Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based
security and compliance solutions. The Qualys Cloud Platform and its
integrated Cloud Apps deliver businesses critical security intelligence
continuously, enabling them to automate the full spectrum of auditing,
compliance and protection for IT systems and web applications on premises,
on endpoints and elastic clouds. For more information, please visit
www.qualys.com.


Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All
other products or names may be trademarks of their respective companies.


Qualys user account 


Authentication to your Qualys account with valid Qualys credentials is 
required for making Qualys API requests to the Qualys API servers. 


The application must authenticate using Qualys account credentials (user 
name and password) as part of the HTTP request. The credentials are 
transmitted using the “Basic Authentication Scheme” over HTTPS. 


For information, see the “Basic Authentication Scheme” section of RFC #2617: 


http://www.faqs.org/rfcs/rfc2617.html


The exact method of implementing authentication will vary according to 
which programming language is used. 


The allowed methods, POST and/or GET, for each API request are 
documented with each API call in this user guide. 


Sample request - basic authentication 


curl -u "USERNAME:PASSWORD" \
  "https://qualysapi.qualys.com/qps/rest/3.0/count/was/webapp"


Making API Calls 


Curl samples in our API doc 


We use curl in our API documentation to show how to form REST API calls.
The samples are not meant to be actual production examples of an
implementation.


Making Requests with an XML Payload 


While it is still possible to create simple API requests using the GET method, 
you can create API requests using the POST method with an XML payload to 
make an advanced request. 


The XML payloads can be compared to a scripting language that allows a user
to perform multiple actions within a single API request, like adding a
parameter to an object and updating another parameter.


The XML structure of the payload is described in the XSD files. 


XML Output Pagination / Truncation 


The XML output of a search API request is paginated and the default page 
size is 100 object records. The page size can be customized to a value 
between 1 and 1,000. If the number of records is greater than the page size 
then the <ServiceResponse> element shows the response code SUCCESS with 
the element <hasMoreRecords>true</hasMoreRecords> as shown below. 


Follow the process below to obtain the first two XML pages for an API 
request. Apply the same logic to get all the next (n+1) pages until all records 
are returned. This is indicated when 
<hasMoreRecords>false</hasMoreRecords>. 


Sample 1 - Search web apps


Search for web applications that have a name containing the string
“Merchant”. The service request in the POST data file “file.xml” defines this
search criteria.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp" < file.xml

Note: “file.xml” contains the request POST data. 




Request POST data 


<ServiceRequest> 
<preferences> 
<limitResults>5</limitResults> 
</preferences> 
<filters> 
<Criteria field="name" operator="CONTAINS" >Merchant</Criteria> 
</filters> 
</ServiceRequest> 


The number of records is greater than the default pagination value so the 
<ServiceResponse> element identifies the last ID of the object in the current 
page output. 


XML response 


<ServiceResponse ...> 
<responseCode>SUCCESS</responseCode> 
<count>5</count>
<hasMoreRecords>true</hasMoreRecords> 
<lastId>123</lastId> 
<data> 

<!--here you will find 5 web application records--> 

</data> 

</ServiceResponse> 


Sample 2 


To get the next page of results, edit the service request in “file.xml” that
is passed to the API request as the POST payload. According to the <lastId>
element returned in the first page, you want the next page of results to
start with the object ID 124 or greater.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp" < file.xml

Note: “file.xml” contains the request POST data. 


You'll notice the operator field value is set to 123, which is the value returned
in <lastId> of the previous page output. The GREATER operator is a logical
“greater than” (it does not mean greater than or equal to).


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS" >Merchant</Criteria> 
<Criteria field="id" operator="GREATER">123</Criteria> 
</filters> 
</ServiceRequest> 
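
The two samples above generalize to a loop that repeats until <hasMoreRecords> is false. The following Python sketch is an added example, not code from the Qualys documentation. The function names, the post callable (which would send the body to the search endpoint and return the response XML) and the in-memory sample data are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET


def build_request(name_contains, last_id=None, page_size=100):
    """Build the <ServiceRequest> body for one page of the search."""
    if not 1 <= page_size <= 1000:
        raise ValueError("limitResults must be between 1 and 1,000")
    root = ET.Element("ServiceRequest")
    prefs = ET.SubElement(root, "preferences")
    ET.SubElement(prefs, "limitResults").text = str(page_size)
    filters = ET.SubElement(root, "filters")
    # ElementTree escapes the text, so a filter value cannot break the XML.
    ET.SubElement(filters, "Criteria", field="name",
                  operator="CONTAINS").text = name_contains
    if last_id is not None:
        # GREATER is strictly "greater than": pass lastId itself, not lastId + 1.
        ET.SubElement(filters, "Criteria", field="id",
                      operator="GREATER").text = str(int(last_id))
    return ET.tostring(root, encoding="unicode")


def parse_page(xml_text):
    """Return (ids, has_more, last_id) from one <ServiceResponse>."""
    root = ET.fromstring(xml_text)
    code = root.findtext("responseCode")
    if code != "SUCCESS":
        raise RuntimeError(f"API returned responseCode {code!r}")
    ids = [int(e.text) for e in root.iterfind("./data/WebApp/id")]
    has_more = root.findtext("hasMoreRecords", "false").strip() == "true"
    last_id = root.findtext("lastId")
    return ids, has_more, int(last_id) if last_id is not None else None


def fetch_all_ids(post, name_contains, page_size=100, max_pages=1000):
    """Collect every matching web app ID. post(body) returns response XML."""
    all_ids, last_id = [], None
    for _ in range(max_pages):
        body = build_request(name_contains, last_id, page_size)
        ids, has_more, new_last = parse_page(post(body))
        all_ids.extend(ids)
        if not has_more:
            return all_ids
        # Guard against a loop if the cursor is missing or does not advance.
        if new_last is None or (last_id is not None and new_last <= last_id):
            raise RuntimeError("hasMoreRecords is true but lastId did not advance")
        last_id = new_last
    raise RuntimeError("max_pages reached before hasMoreRecords was false")


# Constructed sample data: an in-memory stand-in for the API server.
SAMPLE_APPS = {101: "Merchant site 1", 105: "Blog", 123: "Merchant EU",
               124: "Merchant US", 131: "Merchant APAC", 140: "Intranet"}


def fake_post(body):
    """Answer a search request from SAMPLE_APPS the way the page describes."""
    req = ET.fromstring(body)
    limit = int(req.findtext("./preferences/limitResults", "100"))
    needle, min_id = "", 0
    for crit in req.iterfind("./filters/Criteria"):
        if crit.get("field") == "name":
            needle = crit.text or ""
        elif crit.get("field") == "id" and crit.get("operator") == "GREATER":
            min_id = int(crit.text)
    hits = sorted(i for i, n in SAMPLE_APPS.items() if needle in n and i > min_id)
    page = hits[:limit]
    resp = ET.Element("ServiceResponse")
    ET.SubElement(resp, "responseCode").text = "SUCCESS"
    ET.SubElement(resp, "count").text = str(len(page))
    more = "true" if len(hits) > limit else "false"
    ET.SubElement(resp, "hasMoreRecords").text = more
    if page:
        ET.SubElement(resp, "lastId").text = str(page[-1])
    data = ET.SubElement(resp, "data")
    for app_id in page:
        ET.SubElement(ET.SubElement(data, "WebApp"), "id").text = str(app_id)
    return ET.tostring(resp, encoding="unicode")


if __name__ == "__main__":
    print(fetch_all_ids(fake_post, "Merchant", page_size=2))
```
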


Setting custom page size 


The service request needs to contain the <preferences> section with the
<limitResults> parameter. For the <limitResults> parameter you can enter a
value from 1 to 1,000. You can change which objects are returned and the
number of objects by specifying a preferences tag in the POST body of your
request.


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria> ... </Criteria> 
</filters> 
<preferences> 
<startFromOffset>100</startFromOffset> 
<limitResults>200</limitResults> 
</preferences> 
</ServiceRequest> 


Preferences tag fields:
startFromOffset - The first item to return by index. The default is 1.
startFromId - The first item to return by primary key. No default value.
limitResults - The total number of items to return. The default is 100.


URL to Qualys API server 


The Qualys API URL you should use for API requests depends on the Qualys 
platform where your account is located. 


Click here to identify your Qualys platform and get the API URL 


This documentation uses the API server URL for Qualys US Platform 1
(https://qualysapi.qualys.com) in sample API requests. If you’re on another
platform, please replace this URL with the appropriate server URL for your
account.


Looking for your API server URL for your account? You can find this easily. 
Just log in to your Qualys account and go to Help > About. You'll see this 
information under Security Operations Center (SOC). 


[Screenshot: the Help > About window, listing the installed versions and the
Security Operations Center (SOC) entries]


Tracking API usage by user 


You can track API usage per user without the need to provide user credentials
such as the username and password. Contact Qualys Support to get the
X-Powered-By HTTP header enabled.


Once enabled, the X-Powered-By HTTP header is returned for each API
request made by a user. The X-Powered-By value includes a unique ID
generated for each subscription and a unique ID generated for each user.


Optional X-Powered-By header

API usage can be tracked using the X-Powered-By HTTP header which 
includes a unique ID generated for each subscription and a unique ID 
generated for each user. Once enabled, the X-Powered-By HTTP header is 
returned for each API request made by a user. The X-Powered-By HTTP 
header will be returned for both valid and invalid requests. However, it will not 
be returned if an invalid URL is hit or when user authentication fails. 

The X-Powered-By header is returned in the following format: 

X-Powered-By: Qualys:<POD_ID>:<SUB_UUID>:<USER_UUID> 

where, 

- POD_ID is the shared POD or a PCP. Shared POD is USPOD1, USPOD2, etc.
- SUB_UUID is the unique ID generated for the subscription.
- USER_UUID is the unique ID generated for the user. You can use the
USER_UUID to track API usage per user.


Sample X-Powered-By header 


X-Powered-By: Qualys:QAPOD4SIC:f972e2cc-69d6-7ebd-80e6-769a931475d8:06198167-43f3-7591-802a-1c400a0e81b1
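
One way to turn this header into per-user usage counts on the client side, shown as an added Python example that is not part of the Qualys documentation. The function names, the alphanumeric POD_ID pattern and the sample records (built from the sample header above plus one constructed user UUID) are assumptions. Responses without the header, which the text says happens when authentication fails or an invalid URL is hit, are counted separately instead of being attributed to a user.

```python
import re
from collections import Counter

_UUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Assumption: POD_ID is alphanumeric, as in the USPOD1 / QAPOD4SIC samples.
HEADER_RE = re.compile(
    rf"Qualys:(?P<pod>[A-Za-z0-9]+):(?P<sub>{_UUID}):(?P<user>{_UUID})")


def parse_x_powered_by(value):
    """Return (pod_id, sub_uuid, user_uuid), or None if the value is malformed."""
    match = HEADER_RE.fullmatch(value.strip())
    if match is None:
        return None
    return match["pod"], match["sub"].lower(), match["user"].lower()


def usage_by_user(records, expected_sub=None):
    """Count API calls per USER_UUID.

    records is an iterable of (endpoint, response_headers) pairs. Returns
    (Counter keyed by USER_UUID, number of responses that could not be
    attributed). If expected_sub is given, headers from any other
    subscription are treated as unattributed.
    """
    counts, unattributed = Counter(), 0
    for _endpoint, headers in records:
        # HTTP header names are case-insensitive.
        value = next((v for k, v in headers.items()
                      if k.lower() == "x-powered-by"), None)
        parsed = parse_x_powered_by(value) if value else None
        if parsed is None or (expected_sub and parsed[1] != expected_sub.lower()):
            unattributed += 1
            continue
        counts[parsed[2]] += 1
    return counts, unattributed


# Sample header value from the page, and a second value with a constructed user.
PAGE_SAMPLE = ("Qualys:QAPOD4SIC:f972e2cc-69d6-7ebd-80e6-769a931475d8:"
               "06198167-43f3-7591-802a-1c400a0e81b1")
OTHER_USER = ("Qualys:QAPOD4SIC:f972e2cc-69d6-7ebd-80e6-769a931475d8:"
              "11111111-2222-3333-4444-555555555555")

# Constructed response records: (endpoint, headers).
SAMPLE_RECORDS = [
    ("/qps/rest/3.0/count/was/webapp", {"X-Powered-By": PAGE_SAMPLE}),
    ("/qps/rest/3.0/search/was/webapp", {"x-powered-by": PAGE_SAMPLE}),
    ("/qps/rest/3.0/search/was/webapp", {"X-Powered-By": OTHER_USER}),
    ("/qps/rest/3.0/search/was/webapp", {}),           # e.g. failed login
    ("/qps/rest/3.0/count/was/webapp", {"X-Powered-By": "Qualys:bad"}),
]

if __name__ == "__main__":
    per_user, missing = usage_by_user(SAMPLE_RECORDS)
    for user, n in per_user.most_common():
        print(user, n)
    print("unattributed responses:", missing)
```
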


How to Download Vulnerability Details 
/api/2.0/fo/knowledge_base/vuln/?action=list 


[GET] [POST] 


When you download web application scan results using the WAS API, you'll 
want to view vulnerability descriptions from the Qualys KnowledgeBase in 
order to understand the vulnerabilities detected and see our recommended 
solutions. You can do this programmatically using the KnowledgeBase API 
(api/2.0/fo/knowledge_base/vuln/?action=list). This API function is part of 
the Qualys API and it’s described in the Qualys API (VM, SCA, PC) User Guide 
(click here to download the latest version) 


Input Parameters 


When filter parameters are specified, these parameters are ANDed.


Parameter Description


action=list (Required) A flag used to request the download of
vulnerability data from the KnowledgeBase.

echo_request={0|1} (Optional) Show (echo) the request’s input parameters
(names and values) in the XML output. When unspecified, parameters are
not included in the XML output. Specify 1 to view parameters in the
output.

details={Basic|All|None} (Optional) Show the requested amount of
information for each vulnerability in the XML output. A valid value is:
Basic (default), All, or None. Basic includes basic elements plus CVSS
Base and Temporal scores. All includes all vulnerability details,
including the Basic details.

ids={value} (Optional) Used to filter the XML output to include only
vulnerabilities that have QID numbers matching the QID numbers you
specify.

id_min={value} (Optional) Used to filter the XML output to show only
vulnerabilities that have a QID number greater than or equal to a QID
number you specify.

id_max={value} (Optional) Used to filter the XML output to show only
vulnerabilities that have a QID number less than or equal to a QID
number you specify.

is_patchable={0|1} (Optional) Used to filter the XML output to show only
vulnerabilities that are patchable or not patchable. A vulnerability is
considered patchable when a patch exists for it. When 1 is specified,
only vulnerabilities that are patchable will be included in the output.
When 0 is specified, only vulnerabilities that are not patchable will be
included in the output. When unspecified, patchable and unpatchable
vulnerabilities will be included in the output.

last_modified_after={date} (Optional) Used to filter the XML output to
show only vulnerabilities last modified after a certain date and time.
When specified, vulnerabilities last modified by a user or by the service
will be shown. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ]
format (UTC/GMT).

last_modified_before={date} (Optional) Used to filter the XML output to
show only vulnerabilities last modified before a certain date and time.
When specified, vulnerabilities last modified by a user or by the service
will be shown. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ]
format (UTC/GMT).

last_modified_by_user_after={date} (Optional) Used to filter the XML
output to show only vulnerabilities last modified by a user after a
certain date and time. The date/time is specified in
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_by_user_before={date} (Optional) Used to filter the XML
output to show only vulnerabilities last modified by a user before a
certain date and time. The date/time is specified in
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_by_service_after={date} (Optional) Used to filter the XML
output to show only vulnerabilities last modified by the service after a
certain date and time. The date/time is specified in
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_by_service_before={date} (Optional) Used to filter the XML
output to show only vulnerabilities last modified by the service before a
certain date and time. The date/time is specified in
YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

published_after={date} (Optional) Used to filter the XML output to show
only vulnerabilities published after a certain date and time. The
date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

published_before={date} (Optional) Used to filter the XML output to show
only vulnerabilities published before a certain date and time. The
date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

discovery_method={value} (Optional) Used to filter the XML output to show
only vulnerabilities assigned a certain discovery method. A valid value
is: Remote, Authenticated, RemoteOnly, AuthenticatedOnly, or
RemoteAndAuthenticated.
When “Authenticated” is specified, the service shows vulnerabilities that
have at least one associated authentication type. Vulnerabilities that
have at least one authentication type can be detected in two ways:
1) remotely without using authentication, and 2) using authentication.

discovery_auth_types={value} (Optional) Used to filter the XML output to
show only vulnerabilities having one or more authentication types. A
valid value is: Windows, Oracle, Unix or SNMP. Multiple values are
entered as a comma-separated list.

show_pci_reasons={0|1} (Optional) Used to filter the XML output to show
reasons for passing or failing PCI compliance (when the CVSS Scoring
feature is turned on in the user’s subscription). Specify 1 to view the
reasons in the XML output. When unspecified, the reasons are not included
in the XML output.


Sample - All vulnerabilities in KnowledgeBase, all details


API request 


curl -u "user:password" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=list" \
  "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/" > output.txt


Sample - Patchable vulnerabilities, all details 


API request 


curl -u "user:password" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=list&ids=1-200&is_patchable=1&details=All" \
  "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/" > output.txt


Sample - Vulnerabilities modified after certain date 


API request 


curl -u "user:password" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=list&last_modified_by_service_after=2018-07-20&discovery_method=RemoteAndAuthenticated" \
  "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/" > output.txt


DTD 


<platform API server>/api/2.0/fo/knowledge_base/vuln/knowledge_base_vuln_list_output.dtd


Know your portal version 
/qps/rest/portal/version/


[GET] [POST] 


Using the Version API you can find out the installed version of Portal and its 
sub-modules that are available in your subscription. 


Sample XML 


API request 


curl -u "USERNAME:PASSWORD" -X "GET" -H "Accept: application/xml" \
  "https://qualysapi.qualys.com/qps/rest/portal/version"


Response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/version.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Portal-Version>
      <PortalApplication-VERSION>3.5.0.0-SNAPSHOT-1 DEVELOP #92 (2021-01-19T01:51:21Z)</PortalApplication-VERSION>
      <ITAM-VERSION>1.3.1.0-18</ITAM-VERSION>
      <CS-VERSION>1.9.0.0-SNAPSHOT</CS-VERSION>
      <CA-VERSION>3.4.0.0</CA-VERSION>
      <QGS-VERSION>1.2.0.0-6</QGS-VERSION>
      <QUESTIONNAIRE-VERSION>2.26.8.8</QUESTIONNAIRE-VERSION>
      <SAC-VERSION>1.8.8-SNAPSHOT</SAC-VERSION>
      <WAF-VERSION>2.12.6.0</WAF-VERSION>
      <QUESTIONNAIRE__V2-VERSION>1.13.1.0-SNAPSHOT</QUESTIONNAIRE__V2-VERSION>
      <WAS-VERSION>6.17.8.8-SNAPSHOT-32</WAS-VERSION>
      <FIM-VERSION>2.6.0.0-23</FIM-VERSION>
      <ICS-VERSION>8.9.1.8-12</ICS-VERSION>
      <VM-VERSION>1.0.3</VM-VERSION>
      <CERTVIEW-VERSION>2.8.0.0-20</CERTVIEW-VERSION>
      <CLOUDVIEW-VERSION>1.9.2.8-SNAPSHOT</CLOUDVIEW-VERSION>
      <CM-VERSION>1.31.0.0</CM-VERSION>
      <MDS-VERSION>2.16.1.0-SNAPSHOT-2</MDS-VERSION>
      <PM-VERSION>1.5.8.8-2</PM-VERSION>
      <PS-VERSION>1.3.0.0-16</PS-VERSION>
      <IOC-VERSION>1.2.0-15</IOC-VERSION>
      <THREAT__PROTECT-VERSION>1.5.8-SNAPSHOT</THREAT__PROTECT-VERSION>
      <AV2-VERSION>0.1.0</AV2-VERSION>
      <UD-VERSION>1.8.8</UD-VERSION>
    </Portal-Version>
    <QWeb-Version>
      <WEB-VERSION>18.7.8.8-1</WEB-VERSION>
      <SCANNER-VERSION>12.1.68-1</SCANNER-VERSION>
      <VULNSIGS-VERSION>2.5.84-2</VULNSIGS-VERSION>
    </QWeb-Version>
  </data>
</ServiceResponse>


Sample JSON 


API request 


curl -u "USERNAME:PASSWORD" -X "GET" -H "Accept: application/json" \
  "https://qualysapi.qualys.com/qps/rest/portal/version"


Response 


{
  "ServiceResponse": {
    "data": [
      {
        "Portal-Version": {
          "PortalApplication-VERSION": "3.5.0.0-SNAPSHOT-1 DEVELOP #92 (2021-01-19T01:51:21Z)",
          "WAS-VERSION": "6.17.8.8-SNAPSHOT-32",
          "VM-VERSION": "1.0.3",
          "CM-VERSION": "1.20.1",
          "MDS-VERSION": "2.16.1.0-SNAPSHOT-2",
          "SCA-VERSION": "2.9.1.0",
          "QUESTIONNAIRE-VERSION": "2.14.0.4",
          "WAF-VERSION": "2.12.6.0"
        }
      }
    ],
    "responseCode": "SUCCESS",
    "count": 1
  }
}


JSON Support 


WAS API supports JSON requests and responses starting with WAS version 
4.5. Samples are shown below. 


Sample 1 - Create an option profile 


API request 


cat createOP.json | curl -s -X POST -H "Accept: application/json" \
  -H "Content-Type: application/json" -H "user: username" \
  -H "password: passwd" -d @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile/"


POST data: 
{ 
"ServiceRequest": { 
"data": { 
"OptionProfile": {
"name": "OP creation - with json request and response", 
"timeoutErrorThreshold": "10", 
"unexpectedErrorThreshold": "20" 
} 
} 
} 
} 


JSON output 


{
  "ServiceResponse": {
    "data": [
      {
        "OptionProfile": {
          "id": 464134,
          "formSubmission": "BOTH",
          "owner": {
            "lastName": "Smith",
            "username": "username",
            "firstName": "Steve",
            "id": 4354
          },
          "createdBy": {
            "lastName": "Smith",
            "username": "username",
            "firstName": "Steve",
            "id": 4354
          },
          "tags": {
            "count": 0
          },
          "bruteforceOption": "MINIMAL",
          "updatedBy": {
            "lastName": "Smith",
            "username": "username",
            "firstName": "Steve",
            "id": 4354
          },
          "maxCrawlRequests": 300,
          "sensitiveContent": {
            "creditCardNumber": "false",
            "socialSecurityNumber": "false"
          },
          "updatedDate": "2015-12-15T13:39:25Z",
          "comments": {
            "count": 0
          },
          "createdDate": "2015-12-15T13:39:25Z",
          "parameterSet": {
            "name": "Initial Parameters",
            "id": 0
          },
          "isDefault": "false",
          "unexpectedErrorThreshold": 20,
          "performance": "LOW",
          "name": "OP creation - with json request and response",
          "ignoreBinaryFiles": "false",
          "timeoutErrorThreshold": 10
        }
      }
    ],
    "count": 1,
    "responseCode": "SUCCESS"
  }
}


Sample 2 - Launch a scan 


API request 


cat createOP.json | curl -s -X POST -H "Accept: application/json" \
  -H "Content-Type: application/json" -H "user: username" \
  -H "password: passwd" -d @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan/"


POST data: 
{
"ServiceRequest": { 
"data": { 
"WasScan": { 
"name": "WebApp Default Auth", 
"type": "VULNERABILITY", 
"target": { 
"webApp": { "id": "2640672" }, 
"webAppAuthRecord": { "isDefault": "true" } 
},
"cancelAfterNHours": "1", 
profile 2,’ id: 74509367} 


JSON output 
{
  "ServiceResponse" : {
    "responseCode" : "SUCCESS",
    "data" : [ {
      "WasScan" : {
        "id" : 1498381
      }
    } ],
    "count" : 1
  }
}


Sample 3 - Get a WAS scan 


API request 


cat createOP.json | curl -s -X POST -H "Accept: application/json" \
  -H "Content-Type: application/json" -H "user: username" \
  -H "password: passwd" -d @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan/"


POST data: 
{
"ServiceRequest": { 
"data": { 
"WasScan": { 
"name": "WebApp Default Auth", 
"type": "VULNERABILITY", 
"target": { 
"webApp": { "id": "2640672" }, 
"webAppAuthRecord": { "isDefault": "true" } 


},
"cancelAfterNHours": "1", 
protest iden SGI Gan: 
} 
} 
}


JSON output 
{
  "ServiceResponse" : {
    "responseCode" : "SUCCESS",
    "data" : [ {
      "WasScan" : {
        "id" : 1493381
      }
    } ],
    "count" : 1
  }
}


Sample 4 - Search WAS Findings with Multiple Criteria 


API request 


cat createOP.json | curl -s -X POST -H "Accept: application/json" \
  -H "Content-Type: application/json" -H "user: username" \
  -H "password: passwd" -d @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/finding"


POST data: 
{
"ServiceRequest": { 
"preferences": { 
"verbose": "true", 
"limitResults": "2" 
},
"filters": {
"Criteria": [
{
"field": "id",
"operator": "EQUALS",
"value": "3615376"
},
{
"field": "qid",
"operator": "NOT EQUALS", 
avales: al in 


JSON output 
{
"ServiceResponse": {
"data": [
{
"Finding": {
"url": "http://10.11.68.95/bricks/config/",
"lastDetectedDate": "2021-06-21T02:19:15Z",
"cwe": { 


"id": 3615376,
"lastTestedDate": "2021-06-21T02:18:15Z",
"firstDetectedDate": "2021-06-21T02:10:15Z",
"findingType": "QUALYS", 


"updatedDate": "2021-06-21T02:26:31Z",
"history": {
"set": [


"WebAppFindingHistory": { 
"scanData": { 
"reference": "was/1624029515335.1191085.70", 
"launchedDate": "2021-06-21T02:10:15Z",
Hae) 9 AWS en7/ 


} 
} 
} 
] 
},


"potential": "false", 
KeS eat US eN Ee 
"severity": "1", 
"webApp": { 

elden SAAD 
"tags": {


"url": "http://10.11.68.95/digestApp",
"name": "Latest Target612"
},
"uniqueId": "0bfd3ee4-db6f-4d82-b970-1650a4186637",
"name": "Path-relative stylesheet import (PRSSI) 
vulnerability", 
"qid": 150246, 
"cvssV3": {
"temporal": 2.9,
"attackVector": "Network",
"base": 3.1
},
"resultList": {
"count": 1,
"list": [


"Result": { 
"ajax": "false", 
"payloads": { 

"count": 1,
"list": [


"PayloadInstance": { 
"request": { 


"headers": 
“UmVmZXJ 1c jogaHR@cDovLZEwLjExLjY4Ljk1L2RpZ2VzdEFwcA@KQ29va2110iBQSFBTR 
VNTSUQ9bZAXNmShMWpnZXZhNmF 20T 1 tdwWwxc jRrdDM7DQpIb3N@0iAxXMC4xMS420C45NQ0 
KVXN1ci1BZ2VudDogTW96aWxsYS81L jAgKELhY21udG9zaDsgSWSOZWwe TWF IESTIFggM 
TBFMTRFNSkgQXBwbGVXZWI LaxXQvNjA1LjEUMTUgKEtIVEIMLCBsaWtlIEd1Y2tvKSBWZX3J 
ZaW9uLzEyLjEUMSBTYWZhcmkvNjA1L j EUMTUNCkKF j Y2VwdDogKi8qDQo=" , 
"method": "GET",
"link":
"http://10.11.68.95/bricks/config/"
},
"response": "\nRelative Path CSS Links 
found: \n<link rel=\"stylesheet\" 
href=\"../stylesheets/foundation.css\">\n<link rel=\"stylesheet\" 
href=\"../stylesheets/foundation.min.css\">\n<link rel=\"stylesheet\" 
href=\"../stylesheets/app.css\">", 
"payload": "N/A" 
} 
} 
]
},
"authentication": "false"
}
}
]
},


"isIgnored": "false", 
"timesDetected": 1, 
"type": "VULNERABILITY" 


} 
} 
],
"responseCode": "SUCCESS",
"hasMoreRecords": "false",
"count": 1
}
}


Web Applications 


Web Application Count 
/qps/rest/3.0/count/was/webapp


[GET] [POST] 


Returns the total number of web applications in the user’s account. Input 
elements are optional and are used to filter the number of web applications 
included in the count. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The count 
includes web applications in the user's scope. 

Input Parameters 

These elements are optional and act as filters. When multiple elements are
specified, parameters are combined using a logical AND. Click here for
descriptions of <WebApp> elements.


Click here for available operators 


Parameter Description 

id (integer) Web application ID. 

name (text) Web application name. 

url (text) The URL of web application. 
tags.name (text) Tag name assigned to web application. 
tags.id (integer) Tag ID assigned to web application. 


createdDate (date) The date when the web application was created
in WAS, in UTC date/time format.


updatedDate (date) The date when the web application was last 
updated in WAS, in UTC date/time format. 


isScheduled (boolean) A flag indicating whether a scan is 
scheduled for web application. 


isScanned (boolean) A flag indicating whether the web 
application has been scanned. 


lastScan.status (keyword) Scan status reported by last web 
application scan: SUBMITTED, RUNNING, FINISHED, 
TIME_LIMIT_EXCEEDED, SCAN_NOT_LAUNCHED, 
SCANNER_NOT_AVAILABLE, ERROR or CANCELED 


lastScan.date (date) Date when web application was last scanned, in 
UTC date/time format. 


Sample - Get count of web apps, all in user’s account 


API request 


curl -u "USERNAME:PASSWORD" \
  "https://qualysapi.qualys.com/qps/rest/3.0/count/was/webapp"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>227</count>
</ServiceResponse>


Sample - Get count of web apps in ID range 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/count/was/webapp" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="id" operator="IN">323126, 323816</Criteria> 
</filters> 
</ServiceRequest> 


XML response


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>0</count>
</ServiceResponse>


XSD 
<platform API server>/qps/xsd/3.0/was/webapp.xsd 


Search Web Application 
/qps/rest/3.0/search/was/webapp


[POST] 


Returns a list of web applications which are in the user’s scope. 
Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes web applications in the user's scope. 

Input Parameters 

These elements are optional and act as filters. When multiple elements are
specified, parameters are combined using a logical AND. Click here for
descriptions of <WebApp> elements.


The special field=attributes attribute for the Criteria element is used to search 
custom attributes (see sample below). 


Click here for available operators 


Parameter Description 

id (integer) Web application ID. 

name (text) Web application name. 

url (text) The URL of web application. 

tags (element) Tags assigned to web application. Click here
for description of this <WebApp> element

tags.name (text) Tag name assigned to web application.

tags.id (integer) Tag ID assigned to web application.

createdDate (date) The date when the web application was created
in WAS, in UTC date/time format.

updatedDate (date) The date when the web application was last
updated in WAS, in UTC date/time format.

isScheduled (boolean) A flag indicating whether a scan is
scheduled for web application.

isScanned (boolean) A flag indicating whether the web
application has been scanned.

lastScan.status (keyword) Scan status reported by last web
application scan: SUBMITTED, RUNNING, FINISHED,
TIME_LIMIT_EXCEEDED, SCAN_NOT_LAUNCHED,
SCANNER_NOT_AVAILABLE, ERROR or CANCELED

lastScan.date (date) Date when web application was last scanned, in
UTC date/time format.

verbose (boolean) A flag to indicate whether the list of tags
associated with the web application should be listed or
not.


Example: 


<preferences> 
<verbose>true</verbose> 
</preferences> 


Sample - List all web apps in user's account 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp"


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>2</count>
  <hasMoreRecords>false</hasMoreRecords>
  <lastId>323103</lastId>
  <data>
    <WebApp>
      <id>323102</id>
      <name><![CDATA[My Web Application]]></name>
      <url><![CDATA[https://example.com]]></url>
      <owner>
        <id>123068</id>
      </owner>
      <tags>
        <count>3</count>
      </tags>
      <createdDate>2017-11-22T13:48:03Z</createdDate>
      <updatedDate>2018-09-19T13:41:07Z</updatedDate>
    </WebApp>
    <WebApp>
      <id>323103</id>
      <name><![CDATA[Demo Web App]]></name>
      <url><![CDATA[http://10.10.26.200:80/phpBB/1.4.4 basic]]></url>
      <owner>
        <id>123071</id>
      </owner>
      <tags>
        <count>0</count>
      </tags>
      <createdDate>2018-06-22T13:45:46Z</createdDate>
      <updatedDate>2018-09-16T14:33:38Z</updatedDate>
    </WebApp>
  </data>
</ServiceResponse>


Sample - List certain web apps 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp" < file.xml

Note: “file.xml” contains the request POST data.


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">Merchant</Criteria> 
<Criteria field="id" operator="GREATER">323000</Criteria>
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <WebApp>
      <id>323476</id>
      <name><![CDATA[Merchant site 1]]></name>
      <url><![CDATA[http://10.10.25.116:80/merchant/2.2/themerchant]]></url>
      <owner>
        <id>123056</id>
      </owner>
      <tags>
        <count>0</count>
      </tags>
      <createdDate>2018-02-21T15:24:49Z</createdDate>
      <updatedDate>2018-07-03T16:53:37Z</updatedDate>
    </WebApp>
  </data>
</ServiceResponse>


Sample - Search Web Application and view associated tags 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<preferences> 
<verbose>true</verbose> 
</preferences> 
<filters> 
<Criteria field="name" operator="CONTAINS">My Web Application</Criteria>
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <WebApp>
      <id>6620298</id>
      <name>
        <![CDATA[My Web Application]]>
      </name>
      <url>
        <![CDATA[http://www.example.com]]>
      </url>
      <owner>
        <id>1056860</id>
      </owner>
      <tags>
        <count>1</count>
        <list>
          <Tag>
            <id>9029017</id>
            <name>
              <![CDATA[TagWebapp1]]>
            </name>
          </Tag>
        </list>
      </tags>
      <createdDate>2017-12-15T16:13:06Z</createdDate>
      <updatedDate>2018-11-19T04:38:08Z</updatedDate>
    </WebApp>
  </data>
</ServiceResponse>


Sample - Search custom attributes 


Search custom attributes using the field attribute for the Criteria element. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp" < file.xml

Note: “file.xml” contains the request POST data. 


Find web applications that have a custom attribute named “Function” whose 
value contains “web” (case-insensitive search). 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="attributes" name="Function" 
operator="CONTAINS">web</Criteria> 
</filters> 
</ServiceRequest> 


Find web applications that have a custom attribute named “Function” whose 
value is equal to “web”. 


Request POST data (EQUALS) 


<ServiceRequest> 
<filters> 


<Criteria field="attributes" name="Function" 
operator="EQUALS">web</Criteria> 
</filters> 
</ServiceRequest> 


Find web applications that have a custom attribute named “Function” whose 
value is not equal to “web”. 


Request POST data (NOT EQUALS) 


<ServiceRequest> 
<filters> 
<Criteria field="attributes" name="Function" operator="NOT EQUALS">web</Criteria>
</filters> 
</ServiceRequest> 
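
Added example (not part of the Qualys guide): a Python sketch that builds the search request bodies shown above and reads the search response. The function names are illustrative, the operator set contains only the operators that appear in this page's samples, and the response is a constructed copy of the tag sample above.

```python
import xml.etree.ElementTree as ET

# Operators that appear in the samples on this page (the guide lists more).
OPERATORS_ON_PAGE = {"CONTAINS", "EQUALS", "NOT EQUALS", "GREATER"}

# Constructed sample, modelled on the "view associated tags" response above.
SAMPLE_RESPONSE = """<ServiceResponse>
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WebApp>
<id>6620298</id>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://www.example.com]]>
</url>
<tags>
<count>1</count>
<list>
<Tag>
<id>9029017</id>
<name>
<![CDATA[TagWebapp1]]>
</name>
</Tag>
</list>
</tags>
</WebApp>
</data>
</ServiceResponse>"""


def build_search_request(criteria, verbose=False):
    """Serialize a <ServiceRequest> body for search/was/webapp.

    criteria: iterable of dicts with field, operator, value and, when
    field is "attributes", the custom attribute name. ElementTree escapes
    &, <, > and quotes, so a value taken from user input cannot open or
    close elements in the request.
    """
    request = ET.Element("ServiceRequest")
    if verbose:
        preferences = ET.SubElement(request, "preferences")
        ET.SubElement(preferences, "verbose").text = "true"
    filters = ET.SubElement(request, "filters")
    for item in criteria:
        if item["operator"] not in OPERATORS_ON_PAGE:
            raise ValueError(f"unexpected operator: {item['operator']!r}")
        attrs = {"field": item["field"], "operator": item["operator"]}
        if item["field"] == "attributes":
            attrs["name"] = item["name"]
        ET.SubElement(filters, "Criteria", attrs).text = str(item["value"])
    return ET.tostring(request, encoding="utf-8")


def parse_search_response(xml_text):
    """Return count, has_more and the web applications of a search response."""
    root = ET.fromstring(xml_text)
    code = root.findtext("responseCode")
    if code != "SUCCESS":
        raise RuntimeError(f"search failed: responseCode={code}")
    apps = []
    for app in root.iterfind("data/WebApp"):
        # CDATA values are often wrapped in newlines, so strip them.
        tags = [(int(tag.findtext("id")), (tag.findtext("name") or "").strip())
                for tag in app.iterfind("tags/list/Tag")]
        apps.append({
            "id": int(app.findtext("id")),
            "name": (app.findtext("name") or "").strip(),
            "url": (app.findtext("url") or "").strip(),
            "tags": tags,
        })
    return {
        "count": int(root.findtext("count")),
        "has_more": root.findtext("hasMoreRecords") == "true",
        "apps": apps,
    }
```

The bytes returned by build_search_request() can be written to file.xml and sent with the curl command shown above.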


XSD 


<platform API server>/qps/xsd/3.0/was/webapp.xsd 


Get Web Application Details 
/qps/rest/3.0/get/was/webapp/<id> 

[GET] 

Returns details for a web application which is in the user’s scope. Want to find 
a web application ID to use as input? See Search Web applications. 

The web application screenshot, when available, is included in the output in 
the “screenshot” element as a base64 encoded binary string. This string needs 
to be converted before a user can decode and view the image file (.jpg). 

Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes web applications in the user's scope. 


Input Parameters 
The element “id” (integer) is required, where “id” identifies a web application. 


Click here for available operators 


Samples 


View details for the web application 


Get details - DNS override settings 


Get details - logout regular expression list 


View default authentication record details 


Get details - Selenium crawl script 


Get details of a progressive scan 


Sample - View details for the web application 


Let us view details for the web application with the ID 2130421. 


API request 


curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webapp/2130421"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>2130421</id> 
<name><![CDATA[CUSTOM PARAM TEST]]></name>
<url><![CDATA[http://funkytown.abcd01.abcd.com/Forms/FormFields/temp/]]></url>
<os>Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP / Linux 
2.6</os> 
<owner> 
<id>4354</id> 
<username>user_alex</username> 
<firstName><![CDATA[Alex]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</owner> 
<scope>ALL</scope> 
<attributes> 
<count>0</count>
</attributes> 
<defaultProfile> 
<id>139359</id> 
<name><![CDATA[10 Links edit]]></name>
</defaultProfile> 
<defaultScanner> 
<type>EXTERNAL</type> 
</defaultScanner> 
<scannerLocked>false</scannerLocked> 
<urlBlacklist> 
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<authRecords>
<count>1</count>
<list>
<WebAppAuthRecord>
<id>127357</id>
<name><![CDATA[AR - funkytown]]></name>
</WebAppAuthRecord>
</list>
</authRecords>
<useRobots>IGNORE</useRobots>
<useSitemap>false</useSitemap> 
<malwareMonitoring>true</malwareMonitoring> 
<malwareNotification>true</malwareNotification> 
<malwareScheduling> 
<startDate>2017-03-03T09:50:00Z</startDate>
<timeZone>
<code>Asia/Kolkata</code>
<offset>+05:30</offset>
</timeZone> 
<occurrenceType>MONTHLY</occurrenceType> 
<occurrence> 
<monthlyOccurrence> 
<monthlyType> 
<occurDayOrderInMonth> 
<dayOrder>FIRST</dayOrder> 
<dayOfMonth>THURSDAY</dayOfMonth> 
<everyNMonths>1</everyNMonths> 
</occurDayOrderInMonth> 
</monthlyType> 
<occurrenceCount>4</occurrenceCount> 
</monthlyOccurrence> 
</occurrence> 
</malwareScheduling> 
<tags> 
<count>4</count> 
<list> 
<Tag> 
<id>1730872</id> 
<name><![CDATA[new tag]]></name>
</Tag>
<Tag>
<id>1418973</id>
<name><![CDATA[Cert Tag]]></name>
</Tag>
<Tag>
<id>1693034</id>
<name><![CDATA[My Tag name]]></name>
</Tag>
<Tag>
<id>1693032</id>
<name><![CDATA[Groovy tag -1]]></name>
</Tag> 
</list> 
</tags> 
<comments> 
<count>0</count>
</comments> 
<isScheduled>false</isScheduled> 
<lastScan> 
<id>827468</id> 
<name><![CDATA[Web Application Vulnerability Scan - CUSTOM PARAM TEST]]></name>
</lastScan> 
<createdBy> 
<id>4354</id> 
<username>user_alex</username> 
<firstName><![CDATA[Alex]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</createdBy>
<createdDate>2017-07-24T09:08:49Z</createdDate>
<updatedBy>
<id>4354</id>
<username>user_alex</username>
<firstName><![CDATA[Alex]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</updatedBy>
<updatedDate>2017-09-24T23:34:17Z</updatedDate>
<screenshot><! [CDATA[_95_4AAQSkZIRGABAQEAegBrAAD_2wBDAAYEBQYFBAYGBQYHB 
wYIChAKCgkJChQODwwQFxQYGBCUFhYaHSUfGhs jHBYWICwgIyYnKSopGR8tMCQoMCUoKS j 
_ 2wBDAQcHBwoIChMKChMoGhY aKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCg 
… (shortened for brevity) 
Convert this value in order to decode and view the image file (.jpg). 
</screenshot> 
</WebApp> 
</data> 


</ServiceResponse> 
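
Added example (not part of the Qualys guide): one way to convert and decode the “screenshot” value in Python. It assumes the value uses the URL-safe base64 alphabet ("-" and "_" in place of "+" and "/"), which the underscores at the start of the sample value above suggest; the function names and the constructed response are illustrative.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

JPEG_MAGIC = b"\xff\xd8\xff"  # every JPEG file starts with these bytes

# Constructed test data: a 25-byte stand-in for a JPEG, encoded the way the
# screenshot element is assumed to be encoded (URL-safe alphabet, no padding)
# and wrapped over two lines like the sample in the guide.
FAKE_JPEG = JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00\x01" + b"\xfb\xef\xbe" * 4 + b"\xd9"
ENCODED = base64.urlsafe_b64encode(FAKE_JPEG).decode("ascii").rstrip("=")
CONSTRUCTED_RESPONSE = f"""<ServiceResponse>
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>2130421</id>
<screenshot><![CDATA[{ENCODED[:16]}
{ENCODED[16:]}]]></screenshot>
</WebApp>
</data>
</ServiceResponse>"""


def extract_screenshot(response_xml):
    """Return the text of <screenshot> from a get/was/webapp response, or None."""
    root = ET.fromstring(response_xml)
    code = root.findtext("responseCode")
    if code != "SUCCESS":
        raise RuntimeError(f"request failed: responseCode={code}")
    value = root.findtext("data/WebApp/screenshot")
    if value is None or not value.strip():
        return None  # no screenshot available for this web application
    return value.strip()


def decode_screenshot(value):
    """Convert the screenshot string to standard base64 and decode it.

    Raises ValueError when the value is not base64 or when the decoded
    bytes do not start with a JPEG header, so a truncated or tampered
    value is never written out as an image.
    """
    compact = "".join(value.split())          # drop line wraps and spaces
    standard = compact.replace("-", "+").replace("_", "/")
    standard += "=" * (-len(standard) % 4)    # restore stripped padding
    try:
        image = base64.b64decode(standard, validate=True)
    except binascii.Error as exc:
        raise ValueError("screenshot is not valid base64") from exc
    if not image.startswith(JPEG_MAGIC):
        raise ValueError("decoded screenshot does not start with a JPEG header")
    return image


def save_screenshot(response_xml, path):
    """Write the decoded image to path; return False when there is none."""
    value = extract_screenshot(response_xml)
    if value is None:
        return False
    with open(path, "wb") as handle:
        handle.write(decode_screenshot(value))
    return True
```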


Sample - Get details - DNS override settings 


Let us get details of the web application with ID 2508873 that includes DNS 
override records. The dnsOverrides element lists the records. 


API request 


curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webapp/2508873"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>2508873</id> 
<name> 
<![CDATA[My Web App]]>
</name>
<url>
<![CDATA[http://funkytown.vuln.qa.com:88/cassium/xss/]]>
</url> 
<owner> 
<id>4354</id> 
<username>user_adam</username> 
<firstName> 
<![CDATA[Adam]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName> 
</owner> 
<scope>ALL</scope> 
<attributes> 
<count>0</count>
</attributes> 
<defaultScanner>
<type>INTERNAL</type>
<friendlyName>
<![CDATA[db4_abcd_ab2]]>
</friendlyName> 
</defaultScanner> 
<scannerLocked>false</scannerLocked> 
<progressiveScanning>true</progressiveScanning> 
<urlBlacklist> 
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<authRecords>
<count>0</count>
</authRecords> 
<dnsOverrides> 
<count>2</count> 
<list> 
<DnsOverride> 
<id>1620</id> 
<name> 
<![CDATA[DNS Override Settings 1]]> 
</name> 
</DnsOverride> 
<DnsOverride> 
<id>1020</id> 
<name> 
<![CDATA[DNS Override Settings 2]]> 
</name> 
</DnsOverride> 
</list> 
</dnsOverrides> 
<useRobots>IGNORE</useRobots>
<useSitemap>false</useSitemap> 
<malwareMonitoring>false</malwareMonitoring> 


Sample - Get details - logout regular expression list 


Let us get details for the webapp with logout regular expression list. 


API request 


curl -u "USERNAME:PASSWORD" -X GET -H 'Content-type: text/xml' "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webapp/842222"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>842222</id> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<owner> 
<id>337014</id> 
<username>user_john</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner> 
<scope>ALL</scope> 
<attributes> 
<count>0</count>
</attributes>
<defaultScanner>
<type>EXTERNAL</type>
</defaultScanner>
<scannerLocked>false</scannerLocked>
<urlBlacklist>
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<logoutRegexList>
<count>1</count>
<list>
<UrlEntry regex="true"><![CDATA[leave]]></UrlEntry>
</list>
</logoutRegexList>
<authRecords>
<count>0</count>
</authRecords> 
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Default authentication record details 


Let us view the default authentication record details for a web application. 


API request 


curl -n -u "USERNAME:PASSWORD" -X GET -H 'Content-type: text/xml' "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webapp/53040"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>53040</id> 
<name><![CDATA[WASUI-5597]]></name>
<config>
<defaultAuthRecord>
<id>9133</id>
<name>
<![CDATA[WASUI-6453]]>
</name> 
</defaultAuthRecord> 
</config> 
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Selenium crawl script 


Let us get details for the webapp with a response that returns details of the 
selenium crawl script along with other details for the web application. 


API request 


curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webapp/937657"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/rest/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>937657</id> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<owner> 
<id>337014</id> 
<username>john_doe</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner> 
<scope>ALL</scope> 
<attributes> 
<count>0</count>
</attributes>
<defaultScanner>
<type>EXTERNAL</type>
</defaultScanner>
<scannerLocked>false</scannerLocked>
<urlBlacklist>
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<logoutRegexList>
<count>0</count>
</logoutRegexList>
<authRecords>
<count>0</count>
</authRecords>
<dnsOverrides>
<count>0</count>
</dnsOverrides> 
<useRobots>IGNORE</useRobots> 
<useSitemap>false</useSitemap> 
<malwareMonitoring>false</malwareMonitoring> 
<malwareNotification>false</malwareNotification> 
<tags> 
<count>0</count>
</tags>
<comments>
<count>0</count>
</comments> 
<isScheduled>false</isScheduled> 
<createdBy> 
<id>337014</id> 
<username>john_doe</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</createdBy> 
<createdDate>2017-02-06T10:54:00Z</createdDate> 
<updatedBy> 
<id>337014</id> 
<username>john_doe</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</updatedBy>
<updatedDate>2017-02-06T10:54:00Z</updatedDate> 
<config/> 
<crawlingScripts> 
<count>1</count> 
<list>
<SeleniumScript>
<id>2500</id>
<name><![CDATA[TestSeleniumScript]]></name>
<data>
<![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head profile="http://selenium-ide.openqa.org/profiles/test-case">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="selenium.base" href="http://10.10.26.238/" />
<title>New Test</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr>
<td rowspan="1" colspan="3">New Test</td>
</tr>
</thead>
<tbody>
<tr>
<td>open</td>
<td>http://10.10.26.238/</td>
<td></td>
</tr>
<tr>
<td>type</td>
<td>name=login</td>
<td>admin</td>
</tr>
<tr>
<td>type</td>
<td>name=password</td>
<td>abc123</td>
</tr>
<tr>
<td>clickAndWait</td>
<td>name=submit</td>
<td></td>
</tr>
</tbody>
</table>
</body></html>]]>
</data>
<requiresAuthentication>true</requiresAuthentication>
<startingUrl>
<![CDATA[http://www.mywebapp.com]]>
</startingUrl>
<startingUrlRegex>true</startingUrlRegex>
</SeleniumScript>
</list>
</crawlingScripts> 
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Get details of a progressive scan 


If Progressive Scanning is enabled for the subscription, the 
progressiveScanning element is displayed in GET call responses. If 
Progressive Scanning is not enabled for the subscription, the element is not 
included. For all existing web applications created prior to WAS 4.0 the value 
will be set to TRUE by default. 


API request 


curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webapp/323102"


XML response 


<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>323102</id>
<name>
<![CDATA[MamboCMS]]>
</name>
<url>
<![CDATA[http://funkytown.abcd01.abcd.com/Forms/FormFields/temp/updated_web_app_name]]>
</url>


<scannerLocked>false</scannerLocked> 
<progressiveScanning>false</progressiveScanning> 


XSD 


<platform API server>/qps/xsd/3.0/was/webapp.xsd 


Create Web Application 
/qps/rest/3.0/create/was/webapp 


[POST] 


A web application is a configuration in your account. Once created, a user can 
select the web application as the target of a web application scan. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and WAS Asset 
Permission “Create Web Asset”. The output includes web applications in the 
user's scope. If you want to add Postman collection files, you must have the 
'ENABLE_POSTMAN_COLLECTION' option enabled for your account. If this 
option is not enabled, contact Qualys Support to enable this option. 


Input Parameters 
These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. Click here for 
descriptions of <WebApp> elements. 

Click here for available operators 

When only “name” and “url” are specified: 


- Scope defaults to ALL. The scanner will crawl all directories and sub- 
directories of the starting URL. 


- No default option profile is specified. An option profile must be specified for 
each scan. 


- No authentication records are defined. No form or server authentication will 
be performed. 


- No blacklists or whitelists are defined. All directories and sub-directories of 
the starting URL will be scanned. 


Samples 


Create web app with minimum criteria 


Create web app with one authentication record 


Create web app with multiple criteria 


Create web app with custom attributes 


Create web app and set the default authentication record 


Create web app and assign multiple scanner appliances 


Create web app and add a selenium script 


Create web app and configure Progressive Scanning 


Sample - Create web app - minimum criteria 


Let us create a new web application called “My Web Application” that has the 
starting URL “http://mywebapp.com”. The default web application settings 
are assigned automatically. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>1912949</id> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<owner> 
<id>45941</id> 
<username>username</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</owner> 
<scope>ALL</scope> 
<attributes> 
<count>0</count>
</attributes>
<defaultScanner>
<type>EXTERNAL</type>
</defaultScanner>
<scannerLocked>false</scannerLocked>
<urlBlacklist>
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<authRecords>
<count>0</count>
</authRecords>
<useRobots>IGNORE</useRobots>
<useSitemap>false</useSitemap>
<malwareMonitoring>false</malwareMonitoring>
<tags>
<count>0</count>
</tags>
<comments>
<count>0</count>
</comments> 
<isScheduled>false</isScheduled> 
<createdBy> 
<id>45941</id> 
<username>username</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</createdBy> 
<createdDate>2017-10-18T18:26:40Z</createdDate> 
<updatedBy> 
<id>45941</id> 
<username>username</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</updatedBy> 
<updatedDate>2017-10-18T18:26:48Z</updatedDate> 
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Create web app with one authentication record 


Let us create a new web application called “My Web Application” that has the 
starting URL “http://mywebapp.com” and has 1 authentication record. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<authRecords>
<set>
<WebAppAuthRecord>
<id>77350</id>
</WebAppAuthRecord>
</set>
</authRecords> 
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>1929030</id> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<owner> 
<id>45941</id> 
<username>username</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</owner> 
<scope>ALL</scope> 
<attributes> 
<count>0</count>
</attributes>
<defaultScanner>
<type>EXTERNAL</type>
</defaultScanner>
<scannerLocked>false</scannerLocked>
<urlBlacklist>
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<authRecords>
<count>1</count>
<list>
<WebAppAuthRecord>
<id>77350</id>
<name><![CDATA[My Authentication Record]]></name>
</WebAppAuthRecord>
</list>
</authRecords>
<useRobots>IGNORE</useRobots>
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Create web app with multiple criteria 


Let us create a new web application with the name “My Web Application” and 
the starting URL “http://www.example.com”. The web application is assigned 
custom settings as defined in the request POST data. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://www.example.com]]></url>
<scope>DOMAINS</scope>
<domains>
<set>
<Domain><![CDATA[corp2.ab.myapp.com]]></Domain>
<Domain><![CDATA[corp1.myapp.com]]></Domain>
</set>
</domains>
<uris>
<set>
<Url><![CDATA[http://corp1.myapp.com]]></Url>
<Url><![CDATA[http://corp1.myapp.com/]]></Url>
<Url><![CDATA[https://corp1.myapp.com]]></Url>
<Url><![CDATA[https://corp1.myapp.com/]]></Url>
<Url><![CDATA[https://corp1.myapp.com:443]]></Url>
<Url><![CDATA[https://corp1.myapp.com:443/]]></Url>
<Url><![CDATA[http://corp1.myapp.com:8080/]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri?]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri?param=true]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri?param=true&param2=false]]></Url>
<Url><![CDATA[http://corp1.myapp.com/otherUri]]></Url>
<Url><![CDATA[http://corp1.myapp.com/otherUri?param=1]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com/]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com/]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com:443]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com:443/]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com:8080/]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com/startingUri]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com/startingUri?]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com/startingUri?param=true]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com:443/startingUri?param=true&param2=false]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com:8888/otherUri]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com/otherUri?param=1]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com/otherUri?param=1]]></Url>
</set>
</uris>
<tags><set> 
<Tag><id>217118</id></Tag> 
<Tag><id>152743</id></Tag> 
<Tag><id>216368</id></Tag> 
<Tag><id>153442</id></Tag> 
</set> 
</tags> 
<defaultProfile> 
<id>90212</id> 
</defaultProfile> 
<defaultScanner> 
<type>INTERNAL</type> 
<friendlyName><![CDATA[friendlyname]]></friendlyName>
</defaultScanner>
<dnsOverrides>
<set>
<DnsOverride>
<id>2022</id>
</DnsOverride>
</set>
</dnsOverrides>
<useRobots>BLACKLIST</useRobots>
<useSitemap>true</useSitemap>
<headers>
<set>
<WebAppHeader><![CDATA[some headers]]></WebAppHeader>
</set>
</headers>
<urlBlacklist>
<set>
<UrlEntry regex="true"><![CDATA[http://rg.blacklist.*.qa.myapp.com]]></UrlEntry>
<UrlEntry regex="true"><![CDATA[http://rg.blacklist.*?]]></UrlEntry>
<UrlEntry><![CDATA[http://url.blacklist.2.ab.myapp.com]]></UrlEntry>
<UrlEntry regex="false"><![CDATA[http://url.blacklist.3.qa.myapp.com]]></UrlEntry>
</set>
</urlBlacklist>
<urlWhitelist>
<set>
<UrlEntry regex="true"><![CDATA[http://rg.whitelist.*.qa.myapp.com]]></UrlEntry>
<UrlEntry regex="true"><![CDATA[http://rg.whitelist.*?]]></UrlEntry>
<UrlEntry><![CDATA[http://url.whitelist.2.ab.myapp.com]]></UrlEntry>
<UrlEntry regex="false"><![CDATA[http://url.whitelist.3.ab.myapp.com]]></UrlEntry>
</set>
</urlWhitelist>
<postDataBlacklist>
<set>
<UrlEntry regex="true"><![CDATA[http://rg.postdatblacklist.*.ab.myapp.com]]></UrlEntry>
<UrlEntry regex="true"><![CDATA[http://rg.postdatblacklist.*?]]></UrlEntry>
</set>
</postDataBlacklist>
<comments>
<set>
<Comment>
<contents><![CDATA[some additional comments]]></contents>
</Comment> 
</set> 
</comments> 
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>1912750</id> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://www.example.com]]></url>
<owner> 
<id>45941</id> 
<username>username</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</owner> 
<scope>DOMAINS</scope> 
<domains> 
<count>2</count> 
<list> 
<Domain><![CDATA[corp1.myapp.com]]></Domain>
<Domain><![CDATA[corp2.ab.myapp.com]]></Domain>
</list>
</domains> 
<uris> 
<count>26</count> 
<list> 
<Url><![CDATA[https://corp2.ab.myapp.com]]></Url>
<Url><![CDATA[http://corp1.myapp.com/otherUri?param=1]]></Url>
<Url><![CDATA[http://corp1.myapp.com/]]></Url>
<Url><![CDATA[https://corp1.myapp.com]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri?]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com:443/]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com/otherUri?param=1]]></Url>
<Url><![CDATA[https://corp1.myapp.com:443/]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com/startingUri?param=true]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com:8080/]]></Url>
<Url><![CDATA[http://corp1.myapp.com/otherUri]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri?param=true&param2=false]]></Url>
<Url><![CDATA[http://corp1.myapp.com]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri?param=true]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com/]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com/]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com:443]]></Url>
<Url><![CDATA[http://corp1.myapp.com/startingUri]]></Url>
<Url><![CDATA[https://corp1.myapp.com:443]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com/startingUri]]></Url>
<Url><![CDATA[http://corp1.myapp.com:8080/]]></Url>
<Url><![CDATA[https://corp2.ab.myapp.com:8888/otherUri]]></Url>
<Url><![CDATA[https://corp1.myapp.com/]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com/startingUri?]]></Url>
<Url><![CDATA[http://corp2.ab.myapp.com:443/startingUri?param=true&param2=false]]></Url>
</list> 
</uris> 
<defaultProfile>
<id>98212</id>
<name><![CDATA[Initial WAS Options]]></name>
</defaultProfile>
<defaultScanner>
<type>INTERNAL</type>
<friendlyName><![CDATA[friendlyname]]></friendlyName>
</defaultScanner>
<scannerLocked>false</scannerLocked>
<dnsOverrides>
<set>
<DnsOverride>
<id>2022</id>
</DnsOverride>
</set>
</dnsOverrides>
<urlBlacklist>
<count>4</count>
<list>
<UrlEntry regex="false"><![CDATA[http://url.blacklist.2.ab.myapp.com]]></UrlEntry>
<UrlEntry regex="false"><![CDATA[http://url.blacklist.3.ab.myapp.com]]></UrlEntry>
<UrlEntry regex="true"><![CDATA[http://rg.blacklist.*.ab.myapp.com]]></UrlEntry>
<UrlEntry regex="true"><![CDATA[http://rg.blacklist.*?]]></UrlEntry>
</list>
</urlBlacklist>
<urlWhitelist>
<count>4</count>
<list>
<UrlEntry regex="true"><![CDATA[http://rg.whitelist.*.ab.myapp.com]]></UrlEntry>
<UrlEntry regex="true"><![CDATA[http://rg.whitelist.*?]]></UrlEntry>
<UrlEntry regex="false"><![CDATA[http://url.whitelist.2.ab.myapp.com]]></UrlEntry>
<UrlEntry regex="false"><![CDATA[http://url.whitelist.3.ab.myapp.com]]></UrlEntry>
</list>
</urlWhitelist>
<postDataBlacklist>
<count>2</count>
<list>
<UrlEntry regex="true"><![CDATA[http://rg.postdatblacklist.*.ab.myapp.com]]></UrlEntry>
<UrlEntry regex="true"><![CDATA[http://rg.postdatblacklist.*?]]></UrlEntry>
</list>
</postDataBlacklist>
<authRecords>
<count>0</count>
</authRecords>
<useRobots>BLACKLIST</useRobots> 
<useSitemap>true</useSitemap> 
<headers> 
<count>1</count>
<list>
<WebAppHeader><![CDATA[some headers]]></WebAppHeader>
</list>
</headers> 
<malwareMonitoring>false</malwareMonitoring> 
<tags> 
<count>4</count> 
<list> 
<Tag> 
<id>152743</id> 
<name><![CDATA[Asset Groups]]></name>
</Tag>
<Tag>
<id>217118</id>
<name><![CDATA[AUG 27]]></name>
</Tag>
<Tag>
<id>153442</id>
<name><![CDATA[Malware Domain Assets]]></name>
</Tag>
<Tag>
<id>216368</id>
<name><![CDATA[Asset name rule]]></name>
</Tag>
</list>
</tags> 
<comments> 
<count>1</count> 
<list> 
<Comment> 
<contents><![CDATA[some additional comments]]></contents>
<createdDate>2017-10-18T17:57:32Z</createdDate>
</Comment>
</list>
</comments> 
<isScheduled>false</isScheduled> 
<createdBy> 
<id>45941</id> 
<username>username</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</createdBy>
<createdDate>2017-10-18T17:57:32Z</createdDate>
<updatedBy>
<id>45941</id>
<username>username</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</updatedBy> 
<updatedDate>2017-10-18T17:57:32Z</updatedDate> 
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Create web app with custom attributes 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp> 
<name><![CDATA[Custom Attribute via API]]></name>
<url><![CDATA[http://funkytown.vuln.qa.qualys.com:80/updated_web_app_name/]]></url>
<attributes> 
<set> 
<Attribute> 
<name>Custom key 1</name> 
<value><![CDATA[Custom value 1]]></value>
</Attribute> 
</set> 
</attributes> 
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>2514680</id>
<name><![CDATA[Custom Attribute via API]]></name>
<url><![CDATA[http://funkytown.vuln.qa.qualys.com:80/updated_web_app_name/]]></url>
<owner> 
<id>4354</id> 
<username>user_steve</username> 
<firstName><![CDATA[Steve]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</owner> 
<scope>ALL</scope> 
<attributes> 
<count>1</count> 
<list> 
<Attribute> 
<name><![CDATA[Custom key 1]]></name> 
<value><![CDATA[Custom value 1]]></value>
</Attribute> 
</list> 
</attributes> 
<defaultScanner> 
<type>EXTERNAL</type> 
</defaultScanner> 
<scannerLocked>false</scannerLocked> 
<progressiveScanning>true</progressiveScanning> 
<urlBlacklist> 
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<authRecords>
<count>0</count>
</authRecords>
<dnsOverrides>
<count>0</count>
</dnsOverrides>
<useRobots>IGNORE</useRobots>
<useSitemap>false</useSitemap>
<malwareMonitoring>false</malwareMonitoring>
<tags>
<count>0</count>
</tags>
<comments>
<count>0</count>
</comments>
<isScheduled>false</isScheduled>
<createdBy>
<id>4354</id>
<username>user_steve</username>
<firstName><![CDATA[Steve]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</createdBy>
<createdDate>2017-09-30T00:18:38Z</createdDate>
<updatedBy>
<id>4354</id>
<username>user_steve</username>
<firstName><![CDATA[Steve]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</updatedBy>
<updatedDate>2017-09-30T00:18:38Z</updatedDate>

<config/> 

</WebApp> 
</data> 
</ServiceResponse> 


Sample - Create web app and set the default authentication record 


Let us configure the default authentication record while creating or updating 
the web application. Create a web application with default authentication 
record ID #9133. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp>
<name>
<![CDATA[Create webapp with default auth record]]>
</name>
<url><![CDATA[http://mywebapp.com]]></url>
<scope>ALL</scope>
<scannerLocked>false</scannerLocked>
<useRobots>IGNORE</useRobots>
<useSitemap>false</useSitemap> 
<malwareMonitoring>false</malwareMonitoring> 
<config> 
<defaultAuthRecord> 
<id>9133</id> 
</defaultAuthRecord> 
</config> 
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>53040</id>
<name>
<![CDATA[Create webapp with default auth record]]>
</name>


<config> 
<defaultAuthRecord> 
<id>9133</id> 
<name>
<![CDATA[WAS-9133]]>
</name>
</defaultAuthRecord> 
</config> 
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Create web app and assign multiple scanner appliances 


Let us create a new web application called “My Web Application” with the 
starting URL “http://mywebapp.com” and assign a group of scanners using 
tag Scannerpool (ID 15415353311147). The default web application settings are 
assigned automatically. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<defaultScannerTags>
<set>
<Tag>
<id>15415353311147</id>
</Tag>
</set>
</defaultScannerTags> 
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>842422</id>
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<owner>
<id>337014</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<scope>ALL</scope>
<attributes>
<count>0</count>
</attributes>
<defaultScannerTags>
<count>1</count>
<list>
<Tag>
<id>15415353311147</id>
<name>
<![CDATA[TagForScanner]]>
</name>
</Tag>
</list>
</defaultScannerTags>
<scannerLocked>false</scannerLocked>
<progressiveScanning>false</progressiveScanning>
<urlBlacklist>
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<logoutRegexList>
<count>0</count>
</logoutRegexList>
<authRecords>
<count>0</count>
</authRecords>
<dnsOverrides>
<count>0</count>
</dnsOverrides>
<useRobots>IGNORE</useRobots>
<useSitemap>false</useSitemap>
<malwareMonitoring>false</malwareMonitoring>
<tags>
<count>0</count>
</tags>
<comments>
<count>0</count>
</comments>
<isScheduled>false</isScheduled>
<createdBy>
<id>337014</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</createdBy>
<createdDate>2017-01-12T12:03:37Z</createdDate>
<updatedBy>
<id>337014</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</updatedBy>
<updatedDate>2017-01-12T12:03:37Z</updatedDate>
<config/>
</WebApp>
</data>
</ServiceResponse>


Sample - Create web app and add a selenium script 


Let us create a new web application called “My Web Application” that has the
starting URL “http://mywebapp.com” and add a Selenium script
(TestSeleniumScript) to it.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp>
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<crawlingScripts>
<set>
<SeleniumScript>
<name><![CDATA[TestSeleniumScript]]></name>
<startingUrl><![CDATA[http://www.mywebapp.com]]></startingUrl>
<data>
<![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head profile="http://selenium-ide.openqa.org/profiles/test-case">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="selenium.base" href="http://10.10.26.238" /><title>New Test</title></head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr><td rowspan="1" colspan="3">New Test</td></tr>
</thead><tbody><tr><td>open</td><td>http://10.10.26.238/</td><td></td></tr>
<tr><td>type</td><td>name=login</td><td>admin</td></tr>
<tr><td>type</td><td>name=password</td><td>abc123</td></tr>
<tr><td>clickAndWait</td><td>name=submit</td><td></td></tr></tbody></table></body></html>]]>
</data>
<requiresAuthentication>true</requiresAuthentication>
<startingUrlRegex>true</startingUrlRegex>
</SeleniumScript> 
</set> 
</crawlingScripts> 
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/rest/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>937657</id>
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<owner>
<id>337014</id>
<username>john_doe</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<scope>ALL</scope>
<attributes>
<count>0</count>
</attributes>
<defaultScanner>
<type>EXTERNAL</type>
</defaultScanner>
<scannerLocked>false</scannerLocked>
<urlBlacklist>
<count>0</count>
</urlBlacklist>
<urlWhitelist>
<count>0</count>
</urlWhitelist>
<postDataBlacklist>
<count>0</count>
</postDataBlacklist>
<logoutRegexList>
<count>0</count>
</logoutRegexList>
<authRecords>
<count>0</count>
</authRecords>
<dnsOverrides>
<count>0</count>
</dnsOverrides>
<useRobots>IGNORE</useRobots>
<useSitemap>false</useSitemap>
<malwareMonitoring>false</malwareMonitoring>
<malwareNotification>false</malwareNotification>
<tags>
<count>0</count>
</tags>
<comments>
<count>0</count>
</comments>
<isScheduled>false</isScheduled>
<createdBy>
<id>337014</id>
<username>john_doe</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</createdBy>
<createdDate>2017-02-06T10:54:00Z</createdDate>
<updatedBy>
<id>337014</id>
<username>john_doe</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</updatedBy>
<updatedDate>2017-02-06T10:54:00Z</updatedDate>
<config/>
<crawlingScripts>
<count>1</count>
<list>
<SeleniumScript>
<id>2500</id>
<name>
<![CDATA[TestSeleniumScript]]>
</name>
<data>
<![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head profile="http://selenium-ide.openqa.org/profiles/test-case">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="selenium.base" href="http://10.10.26.238" />
<title>New Test</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr>
<td rowspan="1" colspan="3">New Test</td>
</tr>
</thead>
<tbody>
<tr>
<td>open</td>
<td>http://10.10.26.238/</td>
<td></td>
</tr>
<tr>
<td>type</td>
<td>name=login</td>
<td>admin</td>
</tr>
<tr>
<td>type</td>
<td>name=password</td>
<td>abc123</td>
</tr>
<tr>
<td>clickAndWait</td>
<td>name=submit</td>
<td></td>
</tr>
</tbody>
</table>
</body></html>]]>
</data>
<requiresAuthentication>true</requiresAuthentication>
<startingUrl>
<![CDATA[http://www.mywebapp.com]]>
</startingUrl>
<startingUrlRegex>true</startingUrlRegex>
</SeleniumScript>
</list>
</crawlingScripts>
</WebApp>
</data>
</ServiceResponse>


Sample: Progressive Scanning 


If Progressive Scanning is enabled for the subscription, the user can set
progressiveScanning to true or false. If the progressiveScanning option is
not specified in the CREATE request, the option is enabled for the web
application by default.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webapp/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<progressiveScanning>false</progressiveScanning> 
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>1912949</id>
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>


<scannerLocked>false</scannerLocked> 
<progressiveScanning>false</progressiveScanning> 


If Progressive Scanning is not enabled for the subscription, the
<progressiveScanning> element cannot be provided; otherwise an error
will be returned.


XML response (error) 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>INVALID REQUEST</responseCode>
<responseErrorDetails>
<errorMessage>Progressive scanning is not enabled in your subscription.</errorMessage>
<errorResolution>Please check with your account manager to enable this option.</errorResolution>
</responseErrorDetails> 
</ServiceResponse> 
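
A client has to handle both response shapes shown above: SUCCESS with a <WebApp> id, and an error carrying <responseErrorDetails>. The Python below is an added example, not Qualys code; the function and class names are hypothetical, and the sample XML is abbreviated from the responses in this section.

```python
import xml.etree.ElementTree as ET

# Constructed samples, abbreviated from the two responses in this section.
SUCCESS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data><WebApp><id>1912949</id>
<progressiveScanning>false</progressiveScanning></WebApp></data>
</ServiceResponse>"""

ERROR_XML = """<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>INVALID REQUEST</responseCode>
<responseErrorDetails>
<errorMessage>Progressive scanning is not enabled in your
subscription. </errorMessage>
<errorResolution>Please check with your account manager to
enable this option.</errorResolution>
</responseErrorDetails>
</ServiceResponse>"""


class QualysApiError(Exception):
    """Raised for any <responseCode> other than SUCCESS."""

    def __init__(self, code, message, resolution):
        super().__init__(f"{code}: {message}")
        self.code, self.message, self.resolution = code, message, resolution


def _text(node, tag):
    """Child text with whitespace runs collapsed ('' if node or child is absent)."""
    if node is None:
        return ""
    return " ".join((node.findtext(tag) or "").split())


def build_create_request(name, url, progressive_scanning=None):
    """Build the <ServiceRequest> body for create/was/webapp.

    progressive_scanning=None leaves <progressiveScanning> out, the only
    valid form when the subscription does not have the feature enabled.
    """
    root = ET.Element("ServiceRequest")
    webapp = ET.SubElement(ET.SubElement(root, "data"), "WebApp")
    ET.SubElement(webapp, "name").text = name
    ET.SubElement(webapp, "url").text = url
    if progressive_scanning is not None:
        flag = "true" if progressive_scanning else "false"
        ET.SubElement(webapp, "progressiveScanning").text = flag
    # ElementTree escapes &, < and > instead of emitting CDATA sections;
    # an XML parser treats the two forms identically.
    return ET.tostring(root, encoding="unicode")


def parse_service_response(xml_text):
    """Return {'count': int, 'ids': [int, ...]} or raise QualysApiError."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    code = _text(root, "responseCode")
    if code != "SUCCESS":
        # Fail closed: anything that is not SUCCESS is treated as an error.
        details = root.find("responseErrorDetails")
        raise QualysApiError(code, _text(details, "errorMessage"),
                             _text(details, "errorResolution"))
    ids = [int(node.text) for node in root.findall("./data/WebApp/id")]
    return {"count": int(_text(root, "count") or 0), "ids": ids}


if __name__ == "__main__":
    print(build_create_request("My Web Application", "http://mywebapp.com", False))
    print(parse_service_response(SUCCESS_XML))
    try:
        parse_service_response(ERROR_XML)
    except QualysApiError as err:
        print("rejected:", err.message, "|", err.resolution)
```
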


XSD 


<platform API server>/qps/xsd/3.0/was/webapp.xsd 


Update Web Application 
/qps/rest/3.0/update/was/webapp/<id>


[POST] 


Update a web application configuration in your account. 

Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access” and WAS Asset
Permission “Edit Web Asset”, “Edit Web Application URL” and “Select and
Lock/Unlock Scanner Appliance”. The output includes web applications in the
user's scope. If you want to add Postman collection files, you must have the
“ENABLE POSTMAN COLLECTION” option enabled for your account. If this
option is not enabled, contact Qualys Support to enable this option.


Input Parameters 


The element “id” (integer) is required, where “id” identifies a web application. 


Click here for available operators 


Samples 


Update web app with minimum information
Update authentication records for web app
Update multiple settings
Update web app to set default cancel time
Update custom attribute value for the web app
Update the default authentication record of the web app


Sample - Update web app with minimum information 


Let us update information for the web application with ID 1234, change the 
name to “My WebApp Name”. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/1234" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp> 
<name>My WebApp Name</name> 
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>1234</id> 
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Update authentication records for web app 


Let us update web application with ID 1234, add 1 authentication record and 
remove 1 authentication record. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/1234" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp> 
<name><![CDATA[My WebApp Name ]]></name> 
<authRecords> 
<add> 
<WebAppAuthRecord> 
<id>77353</id>
</WebAppAuthRecord> 
</add> 
<remove> 
<WebAppAuthRecord> 
<id>77356</id> 
</WebAppAuthRecord> 
</remove> 
</authRecords> 
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>1234</id> 
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Update multiple settings 


Let us update multiple settings for a web application. The web application is 
assigned custom settings as defined in the request POST data. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/2607056" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp> 
<name>My Web Application</name> 
<url>http://mywebapp.com</url>
<attributes> 
<remove> 
<Attribute> 
<name>Business Function</name> 
</Attribute> 
<Attribute> 
<name>Business Location</name> 
</Attribute> 
</remove> 
<update> 
<Attribute> 
<name>Business Description</name> 
<value>Business Description Value - UPDATED</value> 
</Attribute> 
</update> 
</attributes> 
<defaultProfile><id>365333</id></defaultProfile> 
<urlBlacklist>
<set>
<UrlEntry><![CDATA[http://url.blacklist.1.mywebapp.com]]></UrlEntry>
<UrlEntry regex="false"><![CDATA[http://url.blacklist.2.mywebapp.com]]></UrlEntry>
<UrlEntry regex="true"><![CDATA[http://rg.blacklist.*.com]]></UrlEntry>
</set>
</urlBlacklist>
<urlWhitelist>
<set>
<UrlEntry><![CDATA[http://url.whitelist.1.mywebapp.com]]></UrlEntry>
<UrlEntry regex="false"><![CDATA[http://url.whitelist.2.mywebapp.com]]></UrlEntry>
<UrlEntry regex="true"><![CDATA[http://rg.whitelist.*.mywebapp.com]]></UrlEntry>
</set>
</urlWhitelist>
<postDataBlacklist>
<set>
<UrlEntry regex="true"><![CDATA[http://url.postdatablacklist.1.mywebapp.com]]></UrlEntry>
<UrlEntry regex="true"><![CDATA[http://url.postdatablacklist.2.mywebapp.com]]></UrlEntry>
</set>
</postDataBlacklist>
<useRobots>ADD_PATHS</useRobots>
<useSitemap>true</useSitemap>
<headers>
<set>
<WebAppHeader>X-TTP-REQUESTED-BY: Qualys Test</WebAppHeader>
</set>
</headers>
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>2607056</id> 
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Update web app to set default cancel time 


Let us set the default cancel scan option for web application ID 2392272. 
Scans of this web application will be set to cancel at 10pm by default. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/2392272" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp> 
<name><![CDATA[My Web App]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
<config><cancelScansAt>22:00</cancelScansAt></config>
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WebApp>
<id>2392272</id>
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Update custom attribute value for the web app 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/2514679" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp> 
<attributes> 
<update> 
<Attribute> 
<name>Custom key 1</name> 
<value><![CDATA[Custom value 1]]></value> 
</Attribute> 
</update> 
</attributes> 
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>2514679</id> 
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Update the default authentication record of the web app 


Let us update the default authentication record for the web application with 
ID 33831. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/webapp/33831" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WebApp> 
<config> 
<defaultAuthRecord> 
<id>9133</id> 
</defaultAuthRecord> 
</config> 
</WebApp> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>33831</id> 
</WebApp> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/webapp.xsd 


Delete Web Application 
/qps/rest/3.0/delete/was/webapp/<id>
/qps/rest/3.0/delete/was/webapp/<filters>


[POST] 


Delete a web application configuration in your account. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and WAS Asset 
Permission “Delete Web Asset”. The web application to be deleted must be 
within the user’s scope. 


Input Parameters 

These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. Click here for 
descriptions of <WebApp> elements. 


Click here for available operators 


Parameter Description 

id (integer) Web application ID.

name (text) Web application name.

url (text) The URL of web application.

removeFromSubscription (Boolean) When set to true, deletes the web
application asset from your subscription if the web application is not
shared with other modules such as WAF.

The “removeFromSubscription” flag is ignored if the web application that
you want to remove from the subscription is shared with other modules. In
that case, the Delete Web application API request with this flag set to
true will only delete the web application from WAS and not from your
subscription.

tags.name (text) Tag name assigned to web application.

tags.id (integer) Tag ID assigned to web application.

createdDate (date) The date when the web application was created in WAS,
in UTC date/time format.

updatedDate (date) The date when the web application was last updated in
WAS, in UTC date/time format.

isScheduled (boolean) A flag indicating whether a scan is scheduled for
web application.

isScanned (boolean) A flag indicating whether the web application has
been scanned.

lastScan.status (keyword) Scan status reported by last web application
scan: SUBMITTED, RUNNING, FINISHED, TIME_LIMIT_EXCEEDED,
SCAN_NOT_LAUNCHED, SCANNER_NOT_AVAILABLE, ERROR or CANCELED

lastScan.date (date) Date when web application was last scanned, in UTC
date/time format.


Sample - Delete a single web application 


Let us delete the web application that has the ID 1234. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/webapp/1234"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>1234</id> 
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Delete bulk web applications 


Let us delete web applications in the user’s account that have a name with the 
word “Merchant” and have an ID greater than 323000. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/webapp/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">Merchant</Criteria> 
<Criteria field="id" operator="GREATER">323000</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode>
<count>3</count>
<data> 
<WebApp> 
<id>323126</id> 
</WebApp> 
<WebApp> 
<id>324256</id> 
</WebApp> 
<WebApp> 
<id>323476</id> 
</WebApp> 
</data> 
</ServiceResponse> 


XSD 
<platform API server>/qps/xsd/3.0/was/webapp.xsd 


Purge Web Application 

/qps/rest/3.0/purge/was/webapp/<id>
/qps/rest/3.0/purge/was/webapp/<filters>

[POST] 

Purging a web application results in removal of the scan findings from the 
web application's scan history. Henceforth, the newly generated web 
application reports will not include findings from previously completed scans. 
All dates must be entered in UTC date/time format. 

Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and WAS Asset 
Permission “Purge Web Asset”. The web application to be purged must be 
within the user’s scope. 

Input Parameters 

These elements are optional and act as filters. When multiple elements are
specified, parameters are combined using a logical AND. Click here for
descriptions of <WebApp> elements.


Click here for available operators


Parameter Description

id (integer) Web application ID.

name (text) Web application name.

url (text) The URL of web application.

tags.name (text) Tag name assigned to web application.

tags.id (integer) Tag ID assigned to web application.

createdDate (date) The date when the web application was created in WAS,
in UTC date/time format.

updatedDate (date) The date when the web application was last updated in
WAS, in UTC date/time format.

isScheduled (boolean) A flag indicating whether a scan is scheduled for
web application.

isScanned (boolean) A flag indicating whether the web application has
been scanned.

lastScan.status (keyword) Scan status reported by last web application
scan: SUBMITTED, RUNNING, FINISHED, TIME_LIMIT_EXCEEDED,
SCAN_NOT_LAUNCHED, SCANNER_NOT_AVAILABLE, ERROR or CANCELED

lastScan.date (date) Date when web application was last scanned, in UTC
date/time format.


Sample - Purge a single web application 


Let us purge the web application with ID 32420. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" "https://qualysapi.qualys.com/qps/rest/3.0/purge/was/webapp/32420"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WebApp> 
<id>32420</id> 
</WebApp> 
</data> 
</ServiceResponse> 


Sample - Purge multiple web applications 


Let us purge web applications in the user’s account that have a name with the 
word “Merchant” and have an ID greater than 323000. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/purge/was/webapp/" < file.xml

Note: “file.xml” contains the request POST data.


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">Merchant</Criteria>
<Criteria field="id" operator="GREATER">323000</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webapp.xsd">
<responseCode>SUCCESS</responseCode> 
<count>3</count> 
<data> 
<WebApp> 
<id>323126</id> 
</WebApp> 
<WebApp> 
<id>324256</id> 
</WebApp> 
<WebApp> 
<id>323476</id> 
</WebApp> 
</data> 
</ServiceResponse> 


XSD 
<platform API server>/qps/xsd/3.0/was/webapp.xsd 


Download Selenium Script 
/qps/rest/3.0/downloadSeleniumScript/was/webapp


[POST] 


Download the selenium script file that is associated with the web application. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and WAS Asset 
Permission “View/download Selenium Script sensitive contents”. The web 
application to be purged must be within the user’s scope. 


Input Parameters 
The element “id” (integer) is required, where “id” identifies a web application. 


Click here for available operators 


Sample - Download selenium script 


Let us download the selenium script file associated with a web application 
with ID 1254. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/downloadSeleniumScript/was/webapp/" < file.xml

Note: “file.xml” contains the request POST data.


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="id" operator="EQUALS">1234</Criteria> 
<Criteria field="crawlingScripts.id" operator="EQUALS">2588</Criteria>
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head profile="http://selenium-ide.openqa.org/profiles/test-case">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="selenium.base" href="http://10.10.26.238" />
<title>New Test</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr>
<td rowspan="1" colspan="3">New Test</td>
</tr>
</thead>
<tbody>
<tr>
<td>open</td>
<td>http://10.10.26.238/</td>
<td/>
</tr>
<tr>
<td>type</td>
<td>name=login</td>
<td>admin</td>
</tr>
<tr>
<td>type</td>
<td>name=password</td>
<td>abc123</td>
</tr>
<tr>
<td>clickAndWait</td>
<td>name=submit</td>
<td/>
</tr>
</tbody>
</table>
</body>
</html>


XSD 


<platform API server>/qps/xsd/3.0/was/webapp.xsd 
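
The downloaded script carries the login steps in clear text, which is why the download is gated behind the “View/download Selenium Script sensitive contents” permission. The Python below is an added example, not Qualys code: it lists the steps of a Selenium IDE HTML script and flags text-entry steps that target password-like fields, reporting only the value length. The function names, the hint list and the set of text-entry commands are assumptions of this example; the sample script is abbreviated from the response above.

```python
from html.parser import HTMLParser

# Abbreviated from the sample response above (values are the page's own).
SAMPLE_SCRIPT = """<?xml version="1.0" encoding="UTF-8"?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head profile="http://selenium-ide.openqa.org/profiles/test-case">
<link rel="selenium.base" href="http://10.10.26.238" />
<title>New Test</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead><tr><td rowspan="1" colspan="3">New Test</td></tr></thead>
<tbody>
<tr><td>open</td><td>http://10.10.26.238/</td><td/></tr>
<tr><td>type</td><td>name=login</td><td>admin</td></tr>
<tr><td>type</td><td>name=password</td><td>abc123</td></tr>
<tr><td>clickAndWait</td><td>name=submit</td><td/></tr>
</tbody>
</table>
</body>
</html>
"""

# Assumptions of this example, not Qualys rules: which commands enter text
# and which locator substrings suggest a secret.
TEXT_ENTRY_COMMANDS = {"type", "sendKeys"}
SECRET_HINTS = ("pass", "pwd", "secret", "token")


class _StepCollector(HTMLParser):
    """Collect the <td> cells of every <tr> inside <tbody>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.rows = []
        self._in_tbody = False
        self._row = None   # cells of the row being read, or None
        self._cell = None  # text fragments of the cell being read, or None

    def handle_starttag(self, tag, attrs):
        if tag == "tbody":
            self._in_tbody = True
        elif tag == "tr" and self._in_tbody:
            self._row = []
        elif tag == "td" and self._row is not None:
            self._cell = []

    def handle_endtag(self, tag):
        if tag == "tbody":
            self._in_tbody = False
        elif tag == "td" and self._cell is not None:
            self._row.append("".join(self._cell).strip())
            self._cell = None
        elif tag == "tr" and self._row is not None:
            self.rows.append(self._row)
            self._row = None

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)


def script_steps(script_html):
    """Return the script as a list of (command, target, value) tuples."""
    collector = _StepCollector()
    collector.feed(script_html)
    collector.close()
    # Pad short rows so every step has exactly three fields.
    return [tuple((row + ["", "", ""])[:3]) for row in collector.rows if row]


def find_embedded_secrets(script_html):
    """Flag text-entry steps whose locator looks like a secret field."""
    findings = []
    for number, (command, target, value) in enumerate(script_steps(script_html), 1):
        looks_secret = any(hint in target.lower() for hint in SECRET_HINTS)
        if command in TEXT_ENTRY_COMMANDS and value and looks_secret:
            # Report the length only, so the audit output does not leak the value.
            findings.append({"step": number, "command": command,
                             "target": target, "value_length": len(value)})
    return findings


if __name__ == "__main__":
    for finding in find_embedded_secrets(SAMPLE_SCRIPT):
        print(finding)
```
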


Reference: WebApp 


The <WebApp> element includes sub elements used to define a web 
application. A reference of these elements is provided below. An asterisk * 
indicates a complex element. 


Parameter Description 


id (integer) Web application ID. This element is assigned by 
the service and required for an update request. 


removeFromSubscription (Boolean) When set to true, deletes the web application 
asset from your subscription if the web application is not 
shared with other modules such as WAF. The 
“removeFromSubscription” flag is ignored if the web 
application that you want to remove from the subscription 
is shared with other modules. In that case, the Delete Web 
application API request with this flag set to true will only 
delete the web application from WAS and not from your 
subscription. 


reactivateIfExists (Boolean) Set this parameter to “true” to create a web
application with the same name and URL. In such a case, all
the data of the old web application such as findings,
detections, scans will be deleted. The new web application
will have the same web application asset ID as the old web
application.

But if you try to create a web application with a different
URL but with a name that already exists in your
subscription, then the API will return an error “Webapp
with same name exists” in the response. The flag
“reactivateIfExists” will be ignored even if it is set to true.

If this flag is not set to true and if you try to create a web
application with the same name and URL, then we show
this error message in the response: “We found in your
subscription an existing asset that already uses the same
name and URL. The asset is currently being used by the
modules: Was, Waf. Please set flag reactivateIfExists to
true to use that existing asset. If not, you will need to
change the name of the one you are trying to create.”


name (text) The web application name (maximum 256
characters). This element is required to create a web
application.


type (keyword) Type of the finding: VULNERABILITY,
SENSITIVE_CONTENT, or INFORMATION_GATHERED.


url (text) The URL of the web application (maximum 2048
characters). This element is required to create a web
application.


OS (text) The operating system of the web application.


owner (text) This element is assigned by the service and may be
specified for an update request only.


config* Configure the cancel scan option. Specify “cancel after”
time or “cancel at” time. Only one of
<cancelScansAfterNHours> or <cancelScansAt> is allowed
in one config section.


Example for “cancel after” time:


<config>
  <cancelScansAfterNHours>3</cancelScansAfterNHours>
</config>


Example for “cancel at” time:


<config>
  <cancelScansAt>2017-06-10T12:00:00Z</cancelScansAt>
</config>


Notes about updating web applications:

- If none of the above elements are specified in the config
section, the default cancel option is removed from the web
app settings.

- If the config section is not specified, no changes are made
to the web app settings.


You can set one of the DNS override records that you
assigned to your web application as the default record for
the web application. The default DNS override setting is
useful when you want to scan multiple web applications
using the DNS override option. We will use the default DNS
override record that you have set for your web
applications to launch scans on them.


The parameter for setting the default DNS override is
config.defaultDnsOverride.id. This parameter takes the ID
of the DNS override record that you want to set as the
default record.


This is an optional parameter.

Example:


<config>
  <defaultDnsOverride>
    <id>14620</id>
  </defaultDnsOverride>
</config>


attributes* Custom web application attributes.

Example:


<attributes>
  <set>
    <Attribute>
      <name>Custom key 1</name>
      <value><![CDATA[Custom value 1]]></value>
    </Attribute>
    <Attribute>
      <name>Custom key 2</name>
      <value><![CDATA[Custom value 2]]></value>
    </Attribute>
  </set>
</attributes>


tags* Tags assigned to the web application.

Example:


<tags>
  <set>
    <Tag>
      <id>12345</id>
    </Tag>
    <Tag>
      <id>12345678</id>
    </Tag>
  </set>
</tags>


comments (text) Comments on the web application.


scope (keyword) The scanning scope for the web application:
ALL (default), LIMIT, SUBDOMAINS or DOMAINS.

- If set to ALL, the scan will crawl all directories and
sub-directories of the starting URL.

- If set to LIMIT, crawling will be limited to the starting
URI’s initial path and sub-directories.

- If set to SUBDOMAINS, any sub-domain that is in the
same domain as the specified domain name will be
crawled.

- If set to DOMAINS, only the specified domains will be
crawled.


uris (text) Additional URLs to crawl. Each must be a valid HTTP
or HTTPS URL consistent with the web application scope.


swaggerFile Swagger-based REST API file that you want to scan for
vulnerabilities. To scan the API, you need to specify the
content of the Swagger/OpenAPI file in YAML or JSON
format. Note that we support scanning a single API at a time.
For scanning Swagger-based REST APIs, the web
application URL should point to the Swagger file host or
OpenAPI server URL as per the API definition. Before
adding the file content, you must encode the file content
into base64 format. It is your responsibility to verify that
you have permission to scan APIs that you specify as scan
targets.


To remove the API file that you added to the web
application, add a blank “swaggerFile” tag in the update
web application request.


We currently only support Swagger API file version 2.0 and
3.0 in YAML or JSON format. The size of the file you
upload should not exceed 5 MB.


Example:


<WebApp>
  <id>87452</id>
  <swaggerFile>
    <name>ajax.yml</name>
    <content>LSOtDQpzd2FnZ2VyOiAnMi4wJwOKaW5mbZoN...</content>
  </swaggerFile>
</WebApp>


Note that the swaggerFile and postmanCollection tags are
mutually exclusive and cannot be specified together in the
request.


postmanCollection Postman collection files that you want to scan for
vulnerabilities. postmanCollection has 3 tags for specifying
Postman Collection File content: “collection” for specifying
Postman Collection File content, “environmentVariable” for
specifying Postman Environment Variables File, and
“globalVariable” for specifying Global Variables File. All
these 3 tags are part of the “postmanCollection” tag. While
creating the web application, the Postman Collection File is
a mandatory parameter whereas specifying the Postman
Environment Variables and Postman Global Variables files
is optional.


Note that before adding the file content, you must encode
the file content into base64 format.


You can remove the files by sending blank tags in the
update request. To remove:

- Postman Environment Variables File, send a blank
“environmentVariable” tag.

- Postman Global Variables File, send a blank
“globalVariable” tag.

- Postman Collection File, send either a blank
“postmanCollection” or “collection” tag. This will also
remove the variables file if added.


We currently only support v2.0.0 and v2.1.0 for Postman
Collection. The size of the file you upload should not
exceed 5 MB.


Example:


<WebApp>
  <id>87452</id>
  <postmanCollection>
    <collection>
      <name>Mycollection.json</name>
      <content>ewoJInZhemIhYmxIcydLAoJImlu...</content>
    </collection>
    <environmentVariable>
      <name>Myenvvariables</name>
      <content>ewoJlmlikljogljcxNTBhYilyLWEIMDQtNGEz...</content>
    </environmentVariable>
    <globalVariable>
      <name>myglobal.json</name>
      <content>ewoglICJpZIwNTY5YzkzYSO2YzRjLWFkMDIt...</content>
    </globalVariable>
  </postmanCollection>
</WebApp>


Note that the swaggerFile and postmanCollection tags are
mutually exclusive and cannot be specified together in the
request.
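

The encoding, size and exclusivity rules for swaggerFile and postmanCollection, as an added Python example (not code from this guide): it base64-encodes each file, enforces the 5 MB limit, and refuses a request that carries both tags. The ServiceRequest/data wrapper is an assumption modelled on the create authentication record request later in this guide, and all function and constant names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

# Page: "The size of the file you upload should not exceed 5 MB."
# Assumption: the limit applies to the raw file and is read here as 5 MiB.
MAX_FILE_BYTES = 5 * 1024 * 1024
POSTMAN_PARTS = ("collection", "environmentVariable", "globalVariable")


def _file_element(tag, name, raw):
    """Build <tag><name>NAME</name><content>BASE64</content></tag>."""
    if len(raw) > MAX_FILE_BYTES:
        raise ValueError(f"{name}: {len(raw)} bytes exceeds the 5 MB limit")
    elem = ET.Element(tag)
    ET.SubElement(elem, "name").text = name
    ET.SubElement(elem, "content").text = base64.b64encode(raw).decode("ascii")
    return elem


def build_api_file_request(webapp_id, swagger=None, postman=None):
    """Return request XML attaching a Swagger file or a Postman file set.

    swagger: (file_name, raw_bytes)
    postman: dict keyed by "collection" (mandatory), "environmentVariable"
             and "globalVariable" (optional); values are (file_name, raw_bytes).
    """
    if swagger and postman:
        raise ValueError("swaggerFile and postmanCollection are mutually exclusive")
    if not swagger and not postman:
        raise ValueError("no API definition file supplied")

    request = ET.Element("ServiceRequest")      # wrapper is an assumption
    webapp = ET.SubElement(ET.SubElement(request, "data"), "WebApp")
    ET.SubElement(webapp, "id").text = str(webapp_id)

    if swagger:
        webapp.append(_file_element("swaggerFile", *swagger))
    else:
        unknown = set(postman) - set(POSTMAN_PARTS)
        if unknown:
            raise ValueError(f"unknown postmanCollection tags: {sorted(unknown)}")
        if "collection" not in postman:
            raise ValueError("the Postman Collection File is mandatory")
        holder = ET.SubElement(webapp, "postmanCollection")
        for part in POSTMAN_PARTS:              # fixed, documented order
            if part in postman:
                holder.append(_file_element(part, *postman[part]))
    return ET.tostring(request, encoding="unicode")
```

Base64 is an encoding, not protection: Postman environment and global variable files often hold tokens or passwords, so the generated request body deserves the same handling as the credentials themselves.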


malwareMonitoring (boolean) A flag indicating whether Malware Monitoring is
enabled for the web application.

Example: <malwareMonitoring>true</malwareMonitoring>


malwareNotification (boolean) A flag indicating whether email notification is
enabled for Malware Monitoring scans.

Example: <malwareNotification>true</malwareNotification>


malwareScheduling* Schedule Malware Monitoring scans for your web
application with various scheduling options.

<occurrenceType> can be set to one of: ONCE, HOURLY,
DAILY, WEEKLY, MONTHLY.


Scan Settings


defaultProfile* The default option profile for scanning the web application.
When unspecified, an option profile must be specified by
the user for each scan.

<defaultProfile>
  <id>139359</id>
  <name><![CDATA[10 Links edit]]></name>
</defaultProfile>


defaultScanner* The default scanner for the web application. A default
scanner is optional.

For type (keyword), specify INTERNAL for a scanner
appliance, EXTERNAL for the external scanners, or
scannerTags for assigning multiple scanner appliances
grouped by asset tag. If type is INTERNAL, specify
friendlyName (text).

Example:

<defaultScanner>
  <type>INTERNAL</type>
  <friendlyName>dp_scanner</friendlyName>
</defaultScanner>


proxy.id (integer) The default proxy for scanning the web
application.

Example:

<proxy>
  <id>12345</id>
</proxy>


scannerLocked (boolean) A flag indicating whether the default scanner
appliance is locked for the web application.

Example:
<scannerLocked>false</scannerLocked>


dnsOverrides* Assign DNS override settings, one or more records, to a
web application.

Example:

<dnsOverrides>
  <set>
    <DnsOverride>
      <id>2022</id>
    </DnsOverride>
  </set>
</dnsOverrides>


useRobots (keyword) A flag indicating whether to observe the Robots.txt file and
its directives if found when scanning the web application.

If set to IGNORE (default) the Robots.txt file is ignored.

If set to ADD_PATHS, the “disallow” and “allow” directives
in the Robots.txt file will be observed; this means these
directives will be added as link hints for the crawler.

If set to BLACKLIST the “disallow” directives in the
Robots.txt file will be observed; this means scans will not
crawl matching links.


useSitemap (Boolean) A flag indicating whether to adhere to a sitemap.xml file if
present in the web application: true or false (default).


headers* The headers that need to be injected by the scanning
engine to scan the web application for complex
authentication schemes or to impersonate a web browser.


urlBlacklist* The URLs for the black list. These are web application links
(URLs) that you do not want scanned. For each URL,
specify UrlEntry (text). If the attribute regex (Boolean) is
set to “true” the service performs a regular expression
match.


urlWhitelist* The URLs for the white list. These are web application links
(URLs) that you want to be scanned.

For each URL, specify UrlEntry (text). If the attribute regex
(Boolean) is set to “true” the service performs a regular
expression match.


postDataBlacklist* The web application URLs for which you want to block
form submission (POST data), as this could have unwanted
side effects.

For each URL, specify UrlEntry (text). The attribute regex
(Boolean) can be set to “true” for a regular expression
match.


authRecords* The web application authentication records. The
WebAppAuthRecords element identifies a set of
authentication instances (combination of form and types).


WebAppAuthRecord* Under <authRecords>, this element identifies an
authentication record assigned to the web application.
Prior to WAS 3.1, authentication records and their settings
were defined here using the Web Application API. Now you
can manage authentication records using the
Authentication API.


CrawlingScript The selenium crawl script for your web application. The
SeleniumScript element tells the selenium script details.


SeleniumScript Under <CrawlingScript>, this element provides more
information such as name of the script (text), start point of
the crawl, if authentication is required or not, and such
other details about the selenium script associated with the
web application.

Example:

<crawlingScripts>
  <count>1</count>
  <list>
    <SeleniumScript>
      <id>2500</id>
      <name><![CDATA[name of the Script]]></name>
      <requiresAuthentication>true</requiresAuthentication>
      <startingUrl>URL</startingUrl>
      <startingUrlRegex>true</startingUrlRegex>
    </SeleniumScript>
  </list>
</crawlingScripts>


Elements Assigned by the Service

id (integer) The web application ID. 

owner (text) The user login ID of the web application owner. 

isScheduled (boolean) Is a scan scheduled for the web application? 
(true or false). 

createdBy (text) The user who created the web application. 

createdDate (date) The date when the web application was created in 
WAS, in UTC date/time format. 

updatedBy (text) The user who last updated the web application. 

updatedDate (date) The date when the web application was last 
updated in WAS, in UTC date/time format. 

lastScan (text) The scan ID of the last scan run on the web 
application. 

lastScan.status (keyword) Scan status reported by last web application
scan: SUBMITTED, RUNNING, FINISHED,
TIME_LIMIT_EXCEEDED, SCAN_NOT_LAUNCHED,
SCANNER_NOT_AVAILABLE, ERROR or CANCELED


Authentication 


Authentication Count 
/qps/rest/3.0/count/was/webappauthrecord


[GET] [POST] 


Returns the total number of authentication records in the user’s scope. Input 
elements are optional and are used to filter the number of authentication 
records included in the count. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and Asset 
Management Permission “Read Asset”. The output includes authentication 
records in the user's scope. 


Input Parameters 

These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. Click here for 
descriptions of <WebApp> elements 


Click here for available operators 


Parameter Description 

id (integer) Authentication record ID. 

name (text) Authentication record name. 

tags (integer) Tag associated with the authentication
record.

tags.name (text) Tag name assigned to the authentication
record.

tags.id (integer) Tag ID assigned to the authentication
record.

createdDate (date) The date when the authentication record
was created in WAS, in UTC date/time format.

updatedDate (date) The date when the authentication record
was updated in WAS, in UTC date/time format.

lastScan.date (date) The date when the web application
(associated with the authentication record) was last
scanned, in UTC date/time format.

lastScan.authStatus (keyword) Authentication status reported by the
last web application scan: NONE, NOT_USED,
SUCCESSFUL, FAILED or PARTIAL

isUsed (boolean) Indicates whether used by a web
application or scan.

contents (Keyword: FORM_STANDARD, FORM_CUSTOM,
FORM_SELENIUM, SERVER_BASIC,
SERVER_DIGEST, SERVER_NTLM, CERTIFICATE,
OAUTH2_AUTH_CODE, OAUTH2_IMPLICIT,
OAUTH2_PASSWORD, and
OAUTH2_CLIENT_CREDS)


Sample - Get count of authentication records in user's account 


Return the number (count) of all authentication records in the user’s scope. 


API request 


curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/count/was/webappauthrecord/"


XML response


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>3</count>
</ServiceResponse>


Sample - Get count of authentication records with a criteria 


Return the number (count) of authentication records that have a name that
contains the term “server”.


API request


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/webappauthrecord/" < file.xml

Note: “file.xml” contains the request POST data.


Request POST data


<ServiceRequest>
  <filters>
    <Criteria field="name" operator="CONTAINS">server</Criteria>
  </filters>
</ServiceRequest>


XML response


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/webappauthrecord.xsd 


Search Authentication Record
/qps/rest/3.0/search/was/webappauthrecord


[POST]


Returns a list of authentication records which are in the user’s scope.


Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access”. The output
includes authentication records in the user's scope.


Input Parameters 

These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. Click here for 
descriptions of <WebApp> elements 


The special field=attributes attribute for the Criteria element is used to search 
custom attributes (see sample below). 


Click here for available operators 


Parameter Description 

id (integer) Authentication record ID. 

name (text) Authentication record name. 

tags (integer) Tag associated with the authentication
record.

tags.name (text) Tag name assigned to the authentication
record.

tags.id (integer) Tag ID assigned to the authentication
record.

createdDate (date) The date when the authentication record
was created in WAS, in UTC date/time format.

updatedDate (date) The date when the authentication record
was updated in WAS, in UTC date/time format.

lastScan.date (date) The date when the web application
(associated with the authentication record) was last
scanned, in UTC date/time format.

lastScan.authStatus (keyword) Authentication status reported by the
last web application scan: NONE, NOT_USED,
SUCCESSFUL, FAILED or PARTIAL

isUsed (boolean) Indicates whether used by a web
application or scan.

contents (Keyword: FORM_STANDARD, FORM_CUSTOM,
FORM_SELENIUM, SERVER_BASIC,
SERVER_DIGEST, SERVER_NTLM, CERTIFICATE,
OAUTH2_AUTH_CODE, OAUTH2_IMPLICIT,
OAUTH2_PASSWORD, and
OAUTH2_CLIENT_CREDS)


Samples 


Sample - Search authentication records (no criteria) 


Sample - Search for a particular authentication record 


Sample - Search OAuth2 records with Implicit grant type 


Sample - Search authentication records (no criteria) 


Let us view a list of all authentication records in the user’s scope. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webappauthrecord/"


XML response


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>3</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <WebAppAuthRecord>
      <id>82605</id>
      <name><![CDATA[Form Only]]></name>
      <owner>
        <id>630926</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
      <tags>
        <count>3</count>
      </tags>
      <createdDate>2017-10-24T04:32:14Z</createdDate>
      <updatedDate>2017-10-24T07:45:05Z</updatedDate>
    </WebAppAuthRecord>
    <WebAppAuthRecord>
      <id>82606</id>
    </WebAppAuthRecord>
    <WebAppAuthRecord>
      <id>82607</id>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


Sample - Search for a particular authentication record 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webappauthrecord/" < file.xml

Note: “file.xml” contains the request POST data.


Request POST data


<ServiceRequest>
  <filters>
    <Criteria field="id" operator="EQUALS">82605</Criteria>
  </filters>
</ServiceRequest>


XML response


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <WebAppAuthRecord>
      <id>82605</id>
      <name><![CDATA[Sample auth]]></name>
      <owner>
        <id>75913465</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
      <tags>
        <count>0</count>
      </tags>
      <createdDate>2018-11-15T09:30:24Z</createdDate>
      <updatedDate>2018-11-15T09:30:24Z</updatedDate>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


Sample - Search OAuth2 records with Implicit grant type 


Let us search OAuth2 records with Implicit grant type by passing 
OAUTH2_IMPLICIT keyword in the “contents” parameter. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/webappauthrecord/" < file.xml

Note: “file.xml” contains the request POST data.


Request POST data


<ServiceRequest>
  <filters>
    <Criteria field="contents" operator="IN">FORM_CUSTOM, SERVER_DIGEST, OAUTH2_IMPLICIT</Criteria>
  </filters>
</ServiceRequest>

<ServiceRequest>
  <filters>
    <Criteria field="contents" operator="EQUALS">OAUTH2_IMPLICIT</Criteria>
  </filters>
</ServiceRequest>


XML response


XSD 


<platform API server>/qps/xsd/3.0/was/webappauthrecord.xsd 
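

The filter format used by the count and search calls above, as an added Python example (not code from this guide): it builds the `<ServiceRequest>` with an XML library so that filter values are escaped rather than concatenated into the document, checks `contents` keywords against the list documented above, and reads `count` and `hasMoreRecords` from the response. The function names are hypothetical, the response is constructed for the example, and only the three operators that appear in this section's samples are accepted.

```python
import xml.etree.ElementTree as ET

# Keywords documented for the "contents" parameter in this section.
CONTENTS_KEYWORDS = {
    "FORM_STANDARD", "FORM_CUSTOM", "FORM_SELENIUM", "SERVER_BASIC",
    "SERVER_DIGEST", "SERVER_NTLM", "CERTIFICATE", "OAUTH2_AUTH_CODE",
    "OAUTH2_IMPLICIT", "OAUTH2_PASSWORD", "OAUTH2_CLIENT_CREDS",
}
# Operators seen in this section's samples (not the full operator list).
SAMPLE_OPERATORS = {"CONTAINS", "EQUALS", "IN"}

# Constructed response in the shape of the search samples above.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <responseCode>SUCCESS</responseCode>
  <count>2</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <WebAppAuthRecord><id>9001</id><name><![CDATA[Form Only]]></name></WebAppAuthRecord>
    <WebAppAuthRecord><id>9002</id><name><![CDATA[Server auth]]></name></WebAppAuthRecord>
  </data>
</ServiceResponse>"""


def build_search_request(criteria):
    """criteria: iterable of (field, operator, value); the service ANDs them."""
    request = ET.Element("ServiceRequest")
    filters = ET.SubElement(request, "filters")
    for field, operator, value in criteria:
        if operator not in SAMPLE_OPERATORS:
            raise ValueError(f"operator not covered by this example: {operator}")
        if field == "contents":
            for keyword in str(value).split(","):
                if keyword.strip() not in CONTENTS_KEYWORDS:
                    raise ValueError(f"unknown contents keyword: {keyword.strip()}")
        node = ET.SubElement(filters, "Criteria", field=field, operator=operator)
        node.text = str(value)      # escaped on serialization, never pasted raw
    return ET.tostring(request, encoding="unicode")


def parse_search_response(xml_text):
    """Return count, paging flag and (id, name) of each record in the response."""
    root = ET.fromstring(xml_text)
    code = root.findtext("responseCode")
    if code != "SUCCESS":
        raise RuntimeError(f"API call failed: {code}")
    records = [
        (rec.findtext("id"), (rec.findtext("name") or "").strip())
        for rec in root.iter("WebAppAuthRecord")
    ]
    return {
        "count": int(root.findtext("count")),
        "hasMoreRecords": root.findtext("hasMoreRecords") == "true",
        "records": records,
    }
```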


Get Authentication Record Details 
/qps/rest/3.0/get/was/webappauthrecord/<id>


[GET] 


View details for an authentication record which is in the user’s scope. Want to 
find a record ID to use as input? See Search authentication records. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes authentication records in the user's scope. 


Input Parameters 


The element “id” (integer) is required, where “id” identifies the authentication 
record. 


Click here for available operators 


Sample - View details for the authentication record 


Let us view details for authentication record ID 74078. 


API request 


curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webappauthrecord/74078"


XML response


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>74078</id>
      <name><![CDATA[My Authentication Record]]></name>
      <owner>
        <id>4354</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
      <formRecord>
        <type>STANDARD</type>
        <sslOnly>true</sslOnly>
        <fields>
          <count>2</count>
          <list>
            <WebAppAuthFormRecordField>
              <id>826453</id>
              <name><![CDATA[name1]]></name>
              <value><![CDATA[value]]></value>
            </WebAppAuthFormRecordField>
            <WebAppAuthFormRecordField>
              <id>826452</id>
              <name><![CDATA[name2]]></name>
              <value><![CDATA[value]]></value>
            </WebAppAuthFormRecordField>
          </list>
        </fields>
      </formRecord>
      <tags>
        <count>1</count>
        <list>
          <Tag>
            <id>1418973</id>
            <name><![CDATA[Cert Tag]]></name>
          </Tag>
        </list>
      </tags>
      <comments>
        <count>0</count>
      </comments>
      <createdDate>2017-09-23T20:21:04Z</createdDate>
      <createdBy>
        <id>4354</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </createdBy>
      <updatedDate>2017-10-22T05:48:57Z</updatedDate>
      <updatedBy>
        <id>4354</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </updatedBy>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


Sample - Password is masked 


Let us fetch authentication record details with the password fields masked
when the sub user has disabled “View Password in Authentication Record” and
“View/download Selenium Script sensitive contents” permissions.


API request 


curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webappauthrecord/7615395"


XML response


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>761533</id>
      <name><![CDATA[Selenium record]]></name>
      <owner>
        <id>75670165</id>
        <username>quays js</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
      <formRecord>
        <type>SELENIUM</type>
        <seleniumScript>
          <name><![CDATA[seleniumScript]]></name>
          <data>
<![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <link rel="selenium.base" href="https://10.113.195.231/" />
  <title>AuthScript</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
  <thead>
    <tr>
      <td rowspan="1" colspan="3">AuthScript</td>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>open</td>
      <td>@@webappURL@@</td>
      <td></td>
    </tr>
    <tr>
      <td>click</td>
      <td>name=username</td>
      <td></td>
    </tr>
    <tr>
      <td>type</td>
      <td>name=username</td>
      <td>*****</td>
    </tr>
    <tr>
      <td>type</td>
      <td>name=password</td>
      <td>*****</td>
    </tr>
    <tr>
      <td>click</td>
      <td>name=Login</td>
      <td></td>
    </tr>
  </tbody>
</table>
</body></html>]]>
          </data>
          <regex><![CDATA[selenium]]></regex>
        </seleniumScript>
      </formRecord>
      <serverRecord>
        <fields>
          <count>3</count>
          <list>
            <WebAppAuthServerRecordField>
              <id>730020</id>
              <type>BASIC</type>
              <domain><![CDATA[comp]]></domain>
              <username><![CDATA[abc]]></username>
              <password><![CDATA[*****]]></password>
            </WebAppAuthServerRecordField>
            <WebAppAuthServerRecordField>
              <id>730021</id>
              <type>NTLM</type>
              <username><![CDATA[abc3]]></username>
              <password><![CDATA[*****]]></password>
            </WebAppAuthServerRecordField>
            <WebAppAuthServerRecordField>
              <id>730022</id>
              <type>DIGEST</type>
              <domain><![CDATA[comp2]]></domain>
              <username><![CDATA[abc2]]></username>
              <password><![CDATA[*****]]></password>
            </WebAppAuthServerRecordField>
          </list>
        </fields>
      </serverRecord>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


Sample - Password is visible 


Let us fetch authentication record details with the password fields visible
when the sub user has disabled “View Password in Authentication Record” and
“View/download Selenium Script sensitive contents” permissions.


API request 


curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/webappauthrecord/761534"


XML response


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>762380</id>
      <name><![CDATA[Selenium with server authentication]]></name>
      <owner>
        <id>75913465</id>
        <username>quays js2</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
      <formRecord>
        <type>SELENIUM</type>
        <seleniumScript>
          <name><![CDATA[seleniumScript]]></name>
          <data>
<![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <link rel="selenium.base" href="https://10.113.195.231/" />
  <title>AuthScript</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
  <thead>
    <tr>
      <td rowspan="1" colspan="3">AuthScript</td>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>open</td>
      <td>@@webappURL@@</td>
      <td></td>
    </tr>
    <tr>
      <td>click</td>
      <td>name=username</td>
      <td></td>
    </tr>
    <tr>
      <td>type</td>
      <td>name=username</td>
      <td>theuser</td>
    </tr>
    <tr>
      <td>type</td>
      <td>name=password</td>
      <td>thepass</td>
    </tr>
    <tr>
      <td>click</td>
      <td>name=Login</td>
      <td></td>
    </tr>
  </tbody>
</table>
</body></html>]]>
          </data>
          <regex><![CDATA[selenium]]></regex>
        </seleniumScript>
      </formRecord>
      <serverRecord>
        <fields>
          <count>3</count>
          <list>
            <WebAppAuthServerRecordField>
              <id>731073</id>
              <type>NTLM</type>
              <username><![CDATA[abc3]]></username>
              <password><![CDATA[1234]]></password>
            </WebAppAuthServerRecordField>
            <WebAppAuthServerRecordField>
              <id>731074</id>
              <type>BASIC</type>
              <domain><![CDATA[comp]]></domain>
              <username><![CDATA[abc]]></username>
              <password><![CDATA[1234]]></password>
            </WebAppAuthServerRecordField>
            <WebAppAuthServerRecordField>
              <id>731075</id>
              <type>DIGEST</type>
              <domain><![CDATA[comp2]]></domain>
              <username><![CDATA[abc2]]></username>
              <password><![CDATA[1234]]></password>
            </WebAppAuthServerRecordField>
          </list>
        </fields>
      </serverRecord>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/webappauthrecord.xsd 
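

The difference between the masked and visible samples above can be checked automatically. The following is an added Python example (not code from this guide) that reads a Get Authentication Record response and lists every place where a secret came back unmasked, which is a quick way to confirm that an API account's permissions hide credentials as intended. The function name is hypothetical, the response is constructed for the example, and treating a value made only of asterisks as masked is an assumption based on the `*****` password fields in the masked sample.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: a masked secret is rendered as asterisks only.
MASKED = re.compile(r"^\*+$")
# Selenium "type" step that fills a field whose locator mentions "pass".
TYPE_STEP = re.compile(
    r"<td>\s*type\s*</td>\s*<td>\s*(name=[^<]*pass[^<]*)</td>\s*<td>(.*?)</td>",
    re.IGNORECASE | re.DOTALL,
)

# Constructed response modelled on the two samples above (made-up IDs).
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>1001</id>
      <formRecord>
        <type>SELENIUM</type>
        <seleniumScript>
          <data><![CDATA[<html><body><table><tbody>
<tr><td>type</td><td>name=username</td><td>theuser</td></tr>
<tr><td>type</td><td>name=password</td><td>thepass</td></tr>
</tbody></table></body></html>]]></data>
        </seleniumScript>
      </formRecord>
      <serverRecord><fields><count>2</count><list>
        <WebAppAuthServerRecordField>
          <id>2001</id><type>BASIC</type>
          <username><![CDATA[abc]]></username>
          <password><![CDATA[*****]]></password>
        </WebAppAuthServerRecordField>
        <WebAppAuthServerRecordField>
          <id>2002</id><type>NTLM</type>
          <username><![CDATA[abc3]]></username>
          <password><![CDATA[1234]]></password>
        </WebAppAuthServerRecordField>
      </list></fields></serverRecord>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>"""


def _is_exposed(value):
    value = (value or "").strip()
    return bool(value) and not MASKED.match(value)


def exposed_secrets(xml_text):
    """Return [(record_id, location)] for each secret returned unmasked.

    The secret values themselves are never copied into the result.
    """
    root = ET.fromstring(xml_text)
    if root.findtext("responseCode") != "SUCCESS":
        raise ValueError("response is not SUCCESS")
    findings = []
    for rec in root.iter("WebAppAuthRecord"):
        rec_id = rec.findtext("id")
        # Server authentication: <password> inside each server record field.
        for field in rec.iter("WebAppAuthServerRecordField"):
            if _is_exposed(field.findtext("password")):
                findings.append((rec_id, "serverRecord:" + (field.findtext("type") or "?")))
        # Form authentication: fields whose name suggests a password.
        for field in rec.iter("WebAppAuthFormRecordField"):
            name = (field.findtext("name") or "").strip()
            if "pass" in name.lower() and _is_exposed(field.findtext("value")):
                findings.append((rec_id, "formRecord:" + name))
        # Selenium script: "type" steps that fill a password locator.
        for script in rec.iter("seleniumScript"):
            for locator, value in TYPE_STEP.findall(script.findtext("data") or ""):
                if _is_exposed(value):
                    findings.append((rec_id, "seleniumScript:" + locator.strip()))
    return findings
```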


Create Authentication Record 
/qps/rest/3.0/create/was/webappauthrecord


[POST] 


Creates a new authentication record. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and Asset 
Management Permission “Create Authentication Record”. The output includes 
authentication records in the user's scope. 


Input Parameters

These elements are optional and act as filters. When multiple elements are
specified, parameters are combined using a logical AND. Click here for
descriptions of <WebApp> elements.


Click here for available operators 


Parameter Description

name (text) Authentication record name.

WebAppAuthRecord (text) Details associated with the web application
authentication record.

Use these parameters to create an OAuth2
authentication record:

WebAppAuthRecord.oauth2Record.grantType -
(text) (Required if authentication type is OAuth2)
Valid values are: NONE, AUTH_CODE, IMPLICIT,
PASSWORD, and CLIENT_CREDS. NONE means
no grant type is selected.

These are the fields we support for each grant type:

1) AUTH_CODE - We support these fields for
Authorization Code: 1) seleniumScript, 2)
redirectUrl, 3) accessTokenUrl, 4) clientId
(optional), 5) clientSecret (optional), 6) scope
(optional), and 7) accessTokenExpiredMsgPattern
(optional)

Note: Selenium script is mandatory for
Authorization Code. We support parametrized
username and password in the selenium script.
See “Create a Selenium script to parameterize
username and password” in the WAS API guide.

2) IMPLICIT - We support these fields for Implicit:
1) seleniumScript, and 2) redirectUrl

Note: Selenium script is mandatory for Implicit.
We support parametrized username and password
in the selenium script. See “Create a Selenium
script to parameterize username and password” in
the WAS API guide.

3) PASSWORD - We support these fields for
Resource Owner Password Credentials: 1)
accessTokenUrl, 2) username, 3) password, 4)
clientId (optional), 5) clientSecret (optional), 6)
scope (optional), and 7)
accessTokenExpiredMsgPattern (optional)

4) CLIENT_CREDS - We support these fields for
Client Credentials: 1) accessTokenUrl, 2) clientId
(optional), 3) clientSecret (optional), and 4) scope
(optional)

Note:

When creating an authentication record, you can
specify either a Form record (used for web
application authentication) or an OAuth2 record
(used for the Swagger/Open API file
authentication) in the request. While updating an
authentication record,

- Send the Form record with type as NONE if you
want to set an OAuth2 record instead of a form
record.

- Send OAuth2 with grant type as NONE if you
want to set a Form record instead of an OAuth2
record.

tags (text) Tag associated with the authentication
record.

comments (text) User-defined comments.


Samples 


Sample - Create a standard authentication record 
Sample - Create a custom authentication record 


Sample - Create a Selenium script 


Sample - Create a Selenium script to parameterize username and password 
Sample - Create server authentication 


Sample: Create an OAuth2 authentication record with grant type as Client 
Credentials 


Sample: Create an OAuth2 authentication record with Selenium script 


Sample - Create a standard authentication record


Let us create a new web application called “My Web Application” that has the
starting URL “http://mywebapp.com”. The default web application settings
are assigned automatically.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/webappauthrecord" < file.xml

Note: “file.xml” contains the request POST data.


Request POST data


<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name><![CDATA[STANDARD auth]]></name>
      <formRecord>
        <type>STANDARD</type>
        <sslOnly>true</sslOnly>
        <fields>
          <set>
            <WebAppAuthFormRecordField>
              <name>username</name>
              <value>john</value>
            </WebAppAuthFormRecordField>
            <WebAppAuthFormRecordField>
              <name>password</name>
              <value>secret</value>
            </WebAppAuthFormRecordField>
          </set>
        </fields>
      </formRecord>
      <tags>
        <set>
          <Tag>
            <id>152743</id>
          </Tag>
        </set>
      </tags>
      <comments>
        <set>
          <Comment><contents><![CDATA[some comments]]></contents></Comment>
        </set>
      </comments>
    </WebAppAuthRecord>
  </data>
</ServiceRequest>


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>80149</id>
      <name><![CDATA[STANDARD auth]]></name>
      <owner>
        <id>45941</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
      <formRecord>
        <type>STANDARD</type>
        <sslOnly>true</sslOnly>
        <fields>
          <count>2</count>
          <list>
            <WebAppAuthFormRecordField>
              <id>835050</id>
              <name><![CDATA[username]]></name>
              <value><![CDATA[john]]></value>
            </WebAppAuthFormRecordField>
            <WebAppAuthFormRecordField>
              <id>835051</id>
              <name><![CDATA[username]]></name>
              <value><![CDATA[jim]]></value>
            </WebAppAuthFormRecordField>
          </list>
        </fields>
      </formRecord>
      <tags>
        <count>1</count>
        <list>
          <Tag>
            <id>152743</id>
            <name><![CDATA[Asset Groups]]></name>
          </Tag>
        </list>
      </tags>
      <comments>
        <count>1</count>
        <list>
          <Comment>
            <contents><![CDATA[some comments]]></contents>
            <createdDate>2017-10-18T18:18:01Z</createdDate>
          </Comment>
        </list>
      </comments>
      <createdDate>2017-10-18T18:18:01Z</createdDate>
      <createdBy>
        <id>45941</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </createdBy>
      <updatedDate>2017-10-18T18:18:01Z</updatedDate>
      <updatedBy>
        <id>45941</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </updatedBy>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


Sample - Create a custom authentication record 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/webappauthrecord/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name><![CDATA[CUSTOM auth]]></name>
      <formRecord>
        <type>CUSTOM</type>
        <sslOnly>true</sslOnly>
        <fields>
          <set>
            <WebAppAuthFormRecordField>
              <name>some username</name>
              <value>Login</value>
              <secured>false</secured>
            </WebAppAuthFormRecordField>
            <WebAppAuthFormRecordField>
              <name>some password with true</name>
              <value>real password</value>
              <secured>true</secured>
            </WebAppAuthFormRecordField>
            <WebAppAuthFormRecordField>
              <name>not password with false</name>
              <secured>false</secured>
              <value>fake password</value>
            </WebAppAuthFormRecordField>
          </set>
        </fields>
      </formRecord>
      <comments>
        <set>
          <Comment><contents><![CDATA[some comments]]></contents></Comment>
        </set>
      </comments>
    </WebAppAuthRecord>
  </data>
</ServiceRequest>


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>685133</id>
      <name><![CDATA[CUSTOM auth]]></name>
      <owner>
        <id>75913465</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
      <formRecord>
        <type>CUSTOM</type>
        <sslOnly>true</sslOnly>
        <fields>
          <count>3</count>
          <list>
            <WebAppAuthFormRecordField>
              <id>692981</id>
              <name><![CDATA[not password with false]]></name>
              <secured>false</secured>
              <value><![CDATA[fake password]]></value>
            </WebAppAuthFormRecordField>
            <WebAppAuthFormRecordField>
              <id>692982</id>
              <name><![CDATA[some password with true]]></name>
              <secured>true</secured>
              <value><![CDATA[*****]]></value>
            </WebAppAuthFormRecordField>
            <WebAppAuthFormRecordField>
              <id>692983</id>
              <name><![CDATA[some username]]></name>
              <secured>false</secured>
              <value><![CDATA[Login]]></value>
            </WebAppAuthFormRecordField>
          </list>
        </fields>
      </formRecord>
      <tags>
        <count>0</count>
      </tags>
      <comments>
        <count>1</count>
        <list>
          <Comment>
            <contents>
              <![CDATA[some comments]]>
            </contents>
            <createdDate>2018-11-21T09:25:00Z</createdDate>
          </Comment>
        </list>
      </comments>
      <createdDate>2018-11-21T09:25:00Z</createdDate>
      <createdBy>
        <id>75913465</id>
        <username>username</username>
        <firstName>
          <![CDATA[John]]>
        </firstName>
        <lastName>
          <![CDATA[Smith]]>
        </lastName>
      </createdBy>
      <updatedDate>2018-11-21T09:25:00Z</updatedDate>
      <updatedBy>
        <id>75913465</id>
        <username>username</username>
        <firstName>
          <![CDATA[John]]>
        </firstName>
        <lastName>
          <![CDATA[Smith]]>
        </lastName>
      </updatedBy>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>
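
As the sample response above shows, the value of the field created with secured set to true comes back as *****, while the fields with secured set to false come back in clear text. The following Python audit is an added example, not part of the Qualys guide: it flags returned form fields whose name suggests a secret but which are not secured. The function name and the name heuristic are assumptions of this example; the sample input is trimmed from the response above.

```python
import re
import xml.etree.ElementTree as ET

# Heuristic of this example (assumption): field names that suggest a secret.
SECRET_HINT = re.compile(r"pass|pwd|secret|token", re.IGNORECASE)
# Secured values are returned masked, as in the sample response (*****).
MASKED = re.compile(r"^\*+$")


def audit_form_fields(response_xml):
    """Return findings for form fields whose secret handling needs review.

    Field values are never copied into the findings, so the report itself
    does not become another place where credentials leak.
    """
    root = ET.fromstring(response_xml)
    code = root.findtext("responseCode")
    if code != "SUCCESS":
        raise ValueError(f"API call did not succeed: {code}")
    findings = []
    for record in root.iter("WebAppAuthRecord"):
        record_id = record.findtext("id")
        for field in record.iter("WebAppAuthFormRecordField"):
            name = (field.findtext("name") or "").strip()
            value = (field.findtext("value") or "").strip()
            secured = (field.findtext("secured") or "").strip().lower() == "true"
            if secured and value and not MASKED.match(value):
                issue = "secured field came back unmasked"
            elif not secured and value and SECRET_HINT.search(name):
                issue = "secret-looking field is not secured; value readable via API"
            else:
                continue
            findings.append({"record": record_id, "field": field.findtext("id"),
                             "name": name, "issue": issue})
    return findings


# Trimmed from the custom authentication record response shown above.
SAMPLE_RESPONSE = """<ServiceResponse>
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>685133</id>
      <name><![CDATA[CUSTOM auth]]></name>
      <formRecord>
        <type>CUSTOM</type>
        <fields>
          <count>3</count>
          <list>
            <WebAppAuthFormRecordField>
              <id>692981</id>
              <name><![CDATA[not password with false]]></name>
              <secured>false</secured>
              <value><![CDATA[fake password]]></value>
            </WebAppAuthFormRecordField>
            <WebAppAuthFormRecordField>
              <id>692982</id>
              <name><![CDATA[some password with true]]></name>
              <secured>true</secured>
              <value><![CDATA[*****]]></value>
            </WebAppAuthFormRecordField>
            <WebAppAuthFormRecordField>
              <id>692983</id>
              <name><![CDATA[some username]]></name>
              <secured>false</secured>
              <value><![CDATA[Login]]></value>
            </WebAppAuthFormRecordField>
          </list>
        </fields>
      </formRecord>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>"""


if __name__ == "__main__":
    for finding in audit_form_fields(SAMPLE_RESPONSE):
        print(finding)
```

A flagged field is a prompt for review rather than proof of exposure: in the sample, the flagged field is the one named “not password with false”.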


Sample - Create a Selenium script 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/webappauthrecord/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name><![CDATA[From API - Selenium]]></name>
      <formRecord>
        <type>SELENIUM</type>
        <seleniumScript>
          <name><![CDATA[seleniumScriptOK]]></name>
          <data><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head profile="http://selenium-ide.openqa.org/profiles/test-case">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="selenium.base" href="https://community.qualys.com/" />
<title>seleniumScriptOK</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr><td rowspan="1" colspan="3">seleniumScriptOK</td></tr>
</thead><tbody>
<tr>
<td>open</td>
<td>https://community.qualys.com/index.jspa</td>
<td></td>
</tr>
<tr>
<td>clickAndWait</td>
<td>css=#qc-homepage-cafe > span.qc-homepage-header-item-title</td>
<td></td>
</tr>
<tr>
<td>clickAndWait</td>
<td>link=Introduction to Qualys Mapping</td>
<td></td>
</tr>
</tbody></table>
</body>
</html>]]></data>
          <regex><![CDATA[selenium]]></regex>
        </seleniumScript>
      </formRecord>
    </WebAppAuthRecord>
  </data>
</ServiceRequest>


XML response


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>307757</id>
      <name>
        <![CDATA[From API - Selenium]]>
      </name>
      <owner>
        <id>4354</id>
        <username>user_alice</username>
        <firstName>
          <![CDATA[Alice]]>
        </firstName>
        <lastName>
          <![CDATA[Smith]]>
        </lastName>
      </owner>
      <formRecord>
        <type>SELENIUM</type>
        <seleniumScript>
          <name>
            <![CDATA[seleniumScriptOK]]>
          </name>
          <data>
            <![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head profile="http://selenium-ide.openqa.org/profiles/test-case">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="selenium.base" href="https://community.qualys.com/" />
<title>seleniumScriptOK</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr>
<td rowspan="1" colspan="3">seleniumScriptOK</td>
</tr>
</thead>
<tbody>
<tr>
<td>open</td>
<td>https://community.qualys.com/index.jspa</td>
<td></td>
</tr>
<tr>
<td>clickAndWait</td>
<td>css=#qc-homepage-cafe > span.qc-homepage-header-item-title</td>
<td></td>
</tr>
<tr>
<td>clickAndWait</td>
<td>link=Introduction to Qualys Mapping</td>
<td></td>
</tr>
</tbody>
</table>
</body></html>]]>
          </data>
          <regex>
            <![CDATA[selenium]]>
          </regex>
        </seleniumScript>
      </formRecord>
      <tags>
        <count>0</count>
      </tags>
      <comments>
        <count>0</count>
      </comments>
      <createdDate>2017-05-06T16:23:43Z</createdDate>
      <createdBy>
        <id>4354</id>
        <username>user_alex</username>
        <firstName>
          <![CDATA[Alice]]>
        </firstName>
        <lastName>
          <![CDATA[Smith]]>
        </lastName>
      </createdBy>
      <updatedDate>2017-05-06T16:23:43Z</updatedDate>
      <updatedBy>
        <id>4354</id>
        <username>user_alex</username>
        <firstName>
          <![CDATA[Alice]]>
        </firstName>
        <lastName>
          <![CDATA[Smith]]>
        </lastName>
      </updatedBy>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


Sample - Create a Selenium script to parameterize username and password


When you use a Selenium script for authentication, you have the option to
parameterize the username and password. Add these two parameters inside the
Selenium script: @@authusername@@ for the username and @@authpassword@@ for
the password. Specify the username and password in the authentication record;
during the scan, we replace @@authusername@@ and @@authpassword@@ with that
username and password. The parameter names are case insensitive.


The advantage of using the parameters in the script is that you can change
the login credentials without modifying your Selenium script.


To use the parameters inside the Selenium script, you need to set
“seleniumCreds” to “true” in the authentication record. If you set the
parameter to “false”, then adding the placeholders in the script will return an
error.


Let us create an authentication record of type Selenium script, add
@@authusername@@ and @@authpassword@@ inside the Selenium script,
and set the parameter “seleniumCreds” to “true”.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/webappauthrecord/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name><![CDATA[From API - Selenium]]></name>
      <formRecord>
        <type>SELENIUM</type>
        <seleniumScript>
          <name><![CDATA[seleniumScriptOK]]></name>
          <data><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="selenium.base" href="http://10.10.31.25/" />
<title>seleauth</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr><td rowspan="1" colspan="3">Untitled Test Case</td></tr>
</thead>
<tbody>
<tr><td>open</td><td>http://10.10.31.25/login_2/index.php</td><td></td>
</tr>
<tr><td>type</td><td>name=username</td><td>@@authusername@@</td>
</tr>
<tr><td>type</td><td>name=password</td><td>@@authpassword@@</td>
</tr>
<tr><td>click</td><td>css=input[type="submit"]</td><td></td>
</tr>
</tbody></table>
</body>
</html>]]></data>
          <regex><![CDATA[selenium]]></regex>
        </seleniumScript>
        <seleniumCreds>true</seleniumCreds>
        <fields>
          <set>
            <WebAppAuthFormRecordField>
              <name>username</name>
              <value>spp2</value>
            </WebAppAuthFormRecordField>
            <WebAppAuthFormRecordField>
              <name>password</name>
              <value>secret</value>
            </WebAppAuthFormRecordField>
          </set>
        </fields>
      </formRecord>
    </WebAppAuthRecord>
  </data>
</ServiceRequest>


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>804942</id>
      <name>
        <![CDATA[From API - Selenium]]>
      </name>
      <owner>
        <id>5759808</id>
        <username>joe_user</username>
        <firstName>
          <![CDATA[Sunny]]>
        </firstName>
        <lastName>
          <![CDATA[Mirani]]>
        </lastName>
      </owner>
      <formRecord>
        <type>SELENIUM</type>
        <authVault>false</authVault>
        <seleniumCreds>true</seleniumCreds>
        <seleniumScript>
          <name>
            <![CDATA[seleniumScriptOK]]>
          </name>
          <data>
            <![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="selenium.base" href="http://10.10.31.25/" />
<title>seleauth</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr>
<td rowspan="1" colspan="3">Untitled Test Case</td>
</tr>
</thead>
<tbody>
<tr>
<td>open</td>
<td>http://10.10.31.25/login_2/index.php</td>
<td></td>
</tr>
<tr>
<td>type</td>
<td>name=username</td>
<td>@@authusername@@</td>
</tr>
<tr>
<td>type</td>
<td>name=password</td>
<td>@@authpassword@@</td>
</tr>
<tr>
<td>click</td>
<td>css=input[type="submit"]</td>
<td></td>
</tr>
</tbody>
</table>
</body></html>]]>
          </data>
          <regex>
            <![CDATA[selenium]]>
          </regex>
        </seleniumScript>
        <fields>
          <count>2</count>
          <list>
            <WebAppAuthFormRecordField>
              <id>860000</id>
              <name>
                <![CDATA[PASSWORD]]>
              </name>
              <secured>true</secured>
              <value>
                <![CDATA[*****]]>
              </value>
            </WebAppAuthFormRecordField>
            <WebAppAuthFormRecordField>
              <id>860001</id>
              <name>
                <![CDATA[USERNAME]]>
              </name>
              <secured>false</secured>
              <value>
                <![CDATA[spp215]]>
              </value>
            </WebAppAuthFormRecordField>
          </list>
        </fields>
      </formRecord>
      <tags>
        <count>0</count>
      </tags>
      <comments>
        <count>0</count>
      </comments>
      <createdDate>2021-06-01T04:18:38Z</createdDate>
      <createdBy>
        <id>5759808</id>
        <username>quays_ty55</username>
        <firstName>
          <![CDATA[joe]]>
        </firstName>
        <lastName>
          <![CDATA[user]]>
        </lastName>
      </createdBy>
      <updatedDate>2021-06-01T04:18:38Z</updatedDate>
      <updatedBy>
        <id>5759808</id>
        <username>joe_user</username>
        <firstName>
          <![CDATA[joe]]>
        </firstName>
        <lastName>
          <![CDATA[user]]>
        </lastName>
      </updatedBy>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>
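
The rule described for this sample (placeholders in the script are only accepted when seleniumCreds is true, and the credentials themselves live in the authentication record) can be checked before a request is sent. The following Python pre-flight check is an added example, not part of the Qualys guide; the function names and the sample request (host app.example.test, user scanuser) are constructed for illustration, and the warning for seleniumCreds without placeholders is this example's own policy.

```python
import re
import xml.etree.ElementTree as ET

# Placeholder names come from the guide, which documents them as case insensitive.
PLACEHOLDERS = {
    "username": re.compile(r"@@authusername@@", re.IGNORECASE),
    "password": re.compile(r"@@authpassword@@", re.IGNORECASE),
}


def credentials_supplied(record):
    """Names ('username'/'password') for which the record carries a value."""
    supplied = set()
    # formRecord style: <WebAppAuthFormRecordField> with <name>/<value> pairs.
    for field in record.iter("WebAppAuthFormRecordField"):
        name = (field.findtext("name") or "").strip().lower()
        if name in PLACEHOLDERS and (field.findtext("value") or "").strip():
            supplied.add(name)
    # oauth2Record style: <username>/<password> as direct children.
    for name in PLACEHOLDERS:
        if (record.findtext(name) or "").strip():
            supplied.add(name)
    return supplied


def check_selenium_creds(request_xml):
    """Return (severity, message) findings for each record with a Selenium script."""
    findings = []
    root = ET.fromstring(request_xml)
    records = list(root.iter("formRecord")) + list(root.iter("oauth2Record"))
    for record in records:
        script = record.findtext("seleniumScript/data")
        if script is None:
            continue  # no Selenium script in this record
        used = {n for n, rx in PLACEHOLDERS.items() if rx.search(script)}
        flag = (record.findtext("seleniumCreds") or "").strip().lower()
        creds_on = flag == "true"
        if used and not creds_on:
            findings.append(("error",
                             f"{record.tag}: script uses {sorted(used)} placeholders "
                             "but seleniumCreds is not true"))
        elif creds_on and not used:
            # Local policy (assumption): the guide does not say this is rejected.
            findings.append(("warning",
                             f"{record.tag}: seleniumCreds is true but the script "
                             "has no placeholders"))
        if creds_on:
            for name in sorted(used - credentials_supplied(record)):
                findings.append(("error",
                                 f"{record.tag}: @@auth{name}@@ is used but the "
                                 f"record sets no {name}"))
    return findings


def sample_request(creds_flag, user_token, with_fields=True):
    """Constructed request body modelled on the sample above (not real data)."""
    fields = """<fields><set>
      <WebAppAuthFormRecordField><name>username</name><value>scanuser</value></WebAppAuthFormRecordField>
      <WebAppAuthFormRecordField><name>password</name><value>example-only</value></WebAppAuthFormRecordField>
    </set></fields>""" if with_fields else ""
    return f"""<ServiceRequest><data><WebAppAuthRecord>
  <name><![CDATA[From API - Selenium]]></name>
  <formRecord>
    <type>SELENIUM</type>
    <seleniumScript>
      <name><![CDATA[seleniumScriptOK]]></name>
      <data><![CDATA[<html><body><table><tbody>
        <tr><td>open</td><td>http://app.example.test/login</td><td></td></tr>
        <tr><td>type</td><td>name=username</td><td>{user_token}</td></tr>
        <tr><td>type</td><td>name=password</td><td>@@authpassword@@</td></tr>
        <tr><td>click</td><td>css=input[type="submit"]</td><td></td></tr>
      </tbody></table></body></html>]]></data>
      <regex><![CDATA[selenium]]></regex>
    </seleniumScript>
    <seleniumCreds>{creds_flag}</seleniumCreds>
    {fields}
  </formRecord>
</WebAppAuthRecord></data></ServiceRequest>"""


if __name__ == "__main__":
    cases = [
        ("placeholders, seleniumCreds=true", sample_request("true", "@@authusername@@")),
        ("mixed-case placeholder, seleniumCreds=false", sample_request("false", "@@AuthUserName@@")),
        ("seleniumCreds=true, no credentials", sample_request("true", "@@authusername@@", False)),
    ]
    for label, body in cases:
        print(label, "->", check_selenium_creds(body) or "OK")
```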


Sample - Create server authentication 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/webappauthrecord/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name><![CDATA[server auth]]></name>
      <serverRecord>
        <sslOnly>true</sslOnly>
        <certificate>
          <name><![CDATA[My Certificate]]></name>
          <contents><![CDATA[-----BEGIN CERTIFICATE-----




-----END RSA PRIVATE KEY-----]]></contents>
          <passphrase>My Certificate</passphrase>
        </certificate>
      </serverRecord>
      <comments>
        <set>
          <Comment><contents><![CDATA[some comments]]></contents></Comment>
        </set>
      </comments>
    </WebAppAuthRecord>
  </data>
</ServiceRequest>


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>685134</id>
      <name>
        <![CDATA[server auth]]>
      </name>
      <owner>
        <id>75913465</id>
        <username>user_john</username>
        <firstName>
          <![CDATA[John]]>
        </firstName>
        <lastName>
          <![CDATA[Smith]]>
        </lastName>
      </owner>
      <serverRecord>
        <sslOnly>true</sslOnly>
        <certificate>
          <name>
            <![CDATA[My Certificate]]>
          </name>
          <contents>
            <![CDATA[-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----]]>
          </contents>
        </certificate>
        <fields>
          <count>0</count>
        </fields>
      </serverRecord>
      <tags>
        <count>0</count>
      </tags>
      <comments>
        <count>1</count>
        <list>
          <Comment>
            <contents>
              <![CDATA[some comments]]>
            </contents>
            <createdDate>2018-11-21T09:41:59Z</createdDate>
          </Comment>
        </list>
      </comments>
      <createdDate>2018-11-21T09:41:59Z</createdDate>
      <createdBy>
        <id>75913465</id>
        <username>user_john</username>
        <firstName>
          <![CDATA[John]]>
        </firstName>
        <lastName>
          <![CDATA[Smith]]>
        </lastName>
      </createdBy>
      <updatedDate>2018-11-21T09:41:59Z</updatedDate>
      <updatedBy>
        <id>75913465</id>
        <username>username</username>
        <firstName>
          <![CDATA[John]]>
        </firstName>
        <lastName>
          <![CDATA[Smith]]>
        </lastName>
      </updatedBy>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


Sample - Create an OAuth2 authentication record with grant type as Client Credentials


API request


curl -n -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/rest/3.0/create/was/webappauthrecord" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name><![CDATA[GrantType-Client-credentials-SPP]]></name>
      <oauth2Record>
        <grantType>CLIENT_CREDS</grantType>
        <accessTokenUrl>http://www.authTokenUrl.com</accessTokenUrl>
        <clientId>clientIdVal</clientId>
        <clientSecret>clientSecretVal</clientSecret>
        <scope>scope</scope>
      </oauth2Record>
    </WebAppAuthRecord>
  </data>
</ServiceRequest>


Sample - Create an OAuth2 authentication record with Selenium script


Let us create an OAuth2 authentication record with grant type Implicit that
requires a Selenium script.


API request


curl -n -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/rest/3.0/create/was/webappauthrecord" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name>
        <![CDATA[OAuth2 and Server Auth Record]]>
      </name>
      <serverRecord>
        <sslOnly>true</sslOnly>
        <fields>
          <set>
            <WebAppAuthServerRecordField>
              <type>DIGEST</type>
              <domain>realm</domain>
              <username>
                <![CDATA[username]]>
              </username>
              <password>password</password>
            </WebAppAuthServerRecordField>
          </set>
        </fields>
      </serverRecord>
      <oauth2Record>
        <grantType>IMPLICIT</grantType>
        <redirectUrl>http://www.redirectUrl.com</redirectUrl>
        <seleniumScript>
          <name>
            <![CDATA[seleniumScriptOK]]>
          </name>
          <data>
            <![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="selenium.base" href="http://10.10.31.25/" />
<title>seleauth</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr>
<td rowspan="1" colspan="3">Untitled Test Case</td>
</tr>
</thead>
<tbody>
<tr>
<td>open</td>
<td>http://10.10.31.25/login_2/index.php</td>
<td></td>
</tr>
<tr>
<td>type</td>
<td>name=username</td>
<td>@@authusername@@</td>
</tr>
<tr>
<td>type</td>
<td>name=password</td>
<td>@@authpassword@@</td>
</tr>
<tr>
<td>click</td>
<td>css=input[type="submit"]</td>
<td></td>
</tr>
</tbody>
</table>
</body></html>]]>
          </data>
          <regex>
            <![CDATA[selenium]]>
          </regex>
        </seleniumScript>
        <seleniumCreds>true</seleniumCreds>
        <username>uname</username>
        <password>pwd</password>
      </oauth2Record>
    </WebAppAuthRecord>
  </data>
</ServiceRequest>


XSD 


<platform API server>/qps/xsd/3.0/was/webappauthrecord.xsd 


Update Authentication Record
/qps/rest/3.0/update/was/webappauthrecord/<id>


[POST]


Update an authentication record which is in the user’s scope.

Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access”. The output
includes authentication records in the user's scope.


Input Parameters 


The element “id” (integer) is required, where “id” identifies an authentication 
record. 


Click here for available operators 


Samples 


Sample - Update authentication record settings
Sample: Update a Form authentication record to OAuth2 record
Sample: Update a Form authentication record to OAuth2 record with selenium script


Sample - Update authentication record settings 


Let us update the settings for authentication record ID 82605. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/update/was/webappauthrecord/82605" < file.xml


Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name><![CDATA[Form and Server Auth]]></name>
      <serverRecord>
        <sslOnly>true</sslOnly>
        <fields>
          <set>
            <WebAppAuthServerRecordField>
              <type>DIGEST</type>
              <domain>realm</domain>
              <username><![CDATA[username]]></username>
              <password>password</password>
            </WebAppAuthServerRecordField>
          </set>
        </fields>
      </serverRecord>
      <formRecord>
        <type>STANDARD</type>
        <sslOnly>true</sslOnly>
        <fields>
          <set>
            <WebAppAuthFormRecordField>
              <name>username</name>
              <value>Login</value>
            </WebAppAuthFormRecordField>
          </set>
        </fields>
      </formRecord>
    </WebAppAuthRecord>
  </data>
</ServiceRequest>


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>82605</id>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


Sample: Update a Form authentication record to OAuth2 record 


Let us update a form authentication record to set OAuth2 record with Client 
Credentials grant type. If you want to set an OAuth2 record instead of a form 
record, then set the form record with type as NONE. 


API request 


curl -n -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/rest/3.0/update/was/webappauthrecord/82609" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name><![CDATA[My Oauth Record]]></name>
      <serverRecord>
        <sslOnly>true</sslOnly>
        <fields>
          <set>
            <WebAppAuthServerRecordField>
              <type>DIGEST</type>
              <domain>realm</domain>
              <username><![CDATA[username]]></username>
              <password>password</password>
            </WebAppAuthServerRecordField>
          </set>
        </fields>
      </serverRecord>
      <formRecord>
        <type>NONE</type>
      </formRecord>
      <oauth2Record>
        <grantType>CLIENT_CREDS</grantType>
        <accessTokenUrl>http://www.authTokenUrl.com</accessTokenUrl>
        <clientId>clientIdVal</clientId>
        <clientSecret>clientSecretVal</clientSecret>
        <scope>scope</scope>
      </oauth2Record>
    </WebAppAuthRecord>
  </data>
</ServiceRequest>


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>82609</id>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


Sample: Update a Form authentication record to OAuth2 record with selenium script


Let us update a form authentication record to set OAuth2 record with grant
type Implicit that requires a Selenium script. If you want to set an OAuth2
record instead of a form record, then set the form record with type as NONE.


API request


curl -n -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/rest/3.0/update/was/webappauthrecord/82622" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest>
  <data>
    <WebAppAuthRecord>
      <name>
        <![CDATA[OAuth2 and Server Auth Record]]>
      </name>
      <serverRecord>
        <sslOnly>true</sslOnly>
        <fields>
          <set>
            <WebAppAuthServerRecordField>
              <type>DIGEST</type>
              <domain>realm</domain>
              <username>
                <![CDATA[username]]>
              </username>
              <password>password</password>
            </WebAppAuthServerRecordField>
          </set>
        </fields>
      </serverRecord>
      <oauth2Record>
        <grantType>IMPLICIT</grantType>
        <redirectUrl>http://www.redirectUrl.com</redirectUrl>
        <seleniumScript>
          <name>
            <![CDATA[seleniumScriptOK]]>
          </name>
          <data>
            <![CDATA[
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="selenium.base" href="http://10.10.31.25/" />
<title>seleauth</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr>
<td rowspan="1" colspan="3">Untitled Test Case</td>
</tr>
</thead>
<tbody>
<tr>
<td>open</td>
<td>http://10.10.31.25/login_2/index.php</td>
<td></td>
</tr>
<tr>
<td>type</td>
<td>name=username</td>
<td>@@authusername@@</td>
</tr>
<tr>
<td>type</td>
<td>name=password</td>
<td>@@authpassword@@</td>
</tr>
<tr>
<td>click</td>
<td>css=input[type="submit"]</td>
<td></td>
</tr>
</tbody>
</table>
</body></html>]]>
          </data>
          <regex>
            <![CDATA[selenium]]>
          </regex>
        </seleniumScript>
        <seleniumCreds>true</seleniumCreds>
        <username>uname</username>
        <password>pwd</password>
      </oauth2Record>
    </WebAppAuthRecord>
  </data>
</ServiceRequest>


XML response


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>82622</id>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/webappauthrecord.xsd 


Delete Authentication Record
/qps/rest/3.0/delete/was/webappauthrecord/<id>
/qps/rest/3.0/delete/was/webappauthrecord/<filters>


[POST] 


Delete an authentication record which is in the user’s scope. 

Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The 
authentication record to be deleted must be within the user’s scope. 

Input Parameters 

These elements are optional and act as filters. When multiple elements are
specified, parameters are combined using a logical AND. Click here for
descriptions of <WebApp> elements


Click here for available operators 


Parameter Description

id (integer) Authentication record ID.

name (text) Authentication record name.

tags (integer) Tag associated with the authentication record.

tags.name (text) Tag name assigned to the authentication record.

tags.id (integer) Tag ID assigned to the authentication record.

createdDate (date) The date when the authentication record
was created in WAS, in UTC date/time format.

updatedDate (date) The date when the authentication record
was updated in WAS, in UTC date/time format.

lastScan.date (date) The date when the web application
(associated with the authentication record) was last
scanned, in UTC date/time format.

lastScan.authStatus (keyword) Authentication status reported by the
last web application scan: NONE, NOT_USED,
SUCCESSFUL, FAILED or PARTIAL

isUsed (boolean) Indicates whether used by a web
application or scan.

contents (Keyword: FORM_STANDARD, FORM_CUSTOM,
FORM_SELENIUM, SERVER_BASIC,
SERVER_DIGEST, SERVER_NTLM, CERTIFICATE,
OAUTH2_AUTH_CODE, OAUTH2_IMPLICIT,
OAUTH2_PASSWORD, and
OAUTH2_CLIENT_CREDS)


Sample - Delete a single authentication record 


Let us delete authentication record ID 78149. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
"https://qualysapi.qualys.com/qps/rest/3.0/delete/was/webappauthrecord/78149"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WebAppAuthRecord>
      <id>78149</id>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


Sample - Delete multiple authentication records 


Let us delete authentication records that have a name containing the term 
“server”. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/delete/was/webappauthrecord/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">server</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/webappauthrecord.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>2</count>
  <data>
    <WebAppAuthRecord>
      <id>12874</id>
    </WebAppAuthRecord>
    <WebAppAuthRecord>
      <id>13093</id>
    </WebAppAuthRecord>
  </data>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/webappauthrecord.xsd 


Reference: Authentication 


The <WebAppAuthRecord> element includes sub elements used to define 
authentication record. A reference of these elements is provided below. An 
asterisk * indicates a complex element. 


Parameter Description

id (integer) Authentication record ID.

name (text) Authentication record name.

tags (integer) Tag associated with the authentication record.

tags.name (text) Tag name assigned to the authentication record.

tags.id (integer) Tag ID assigned to the authentication record.

createdDate (date) The date when the authentication record was created
in WAS, in UTC date/time format.

updatedDate (date) The date when the authentication record was updated
in WAS, in UTC date/time format.

lastScan.date (date) The date when the web application (associated with
the authentication record) was last scanned, in UTC date/time format.

lastScan.authStatus (keyword) Authentication status reported by the last
web application scan: NONE, NOT_USED, SUCCESSFUL, FAILED or PARTIAL.

isUsed (boolean) Indicates whether used by a web application or scan.

contents (Keyword: FORM_STANDARD, FORM_CUSTOM, FORM_SELENIUM,
SERVER_BASIC, SERVER_DIGEST, SERVER_NTLM, CERTIFICATE,
OAUTH2_AUTH_CODE, OAUTH2_IMPLICIT, OAUTH2_PASSWORD, and
OAUTH2_CLIENT_CREDS)

(text) Details associated with the web application authentication
record.

Use these parameters to create/update OAuth2 authentication record:

WebAppAuthRecord.oauth2Record.grantType - (Required if authentication
type is OAuth2) (text) Valid values are: NONE, AUTH_CODE, IMPLICIT,
PASSWORD, and CLIENT_CREDS. NONE means no grant type is selected.

These are fields we support for each grant type:

1) AUTH_CODE - We support these fields for Authorization Code: 1)
seleniumScript, 2) redirectUrl, 3) accessTokenUrl, 4) clientId
(optional), 5) clientSecret (optional), 6) scope (optional), and 7)
accessTokenExpiredMsgPattern (optional)

Note: Selenium script is mandatory for Authorization Code. We support
parametrized username and password in the selenium script. See “Create a
Selenium script to parameterize username and password” in the WAS API
guide.

2) IMPLICIT - We support these fields for Implicit: 1) seleniumScript,
and 2) redirectUrl

Note: Selenium script is mandatory for Implicit. We support parametrized
username and password in the selenium script. See “Create a Selenium
script to parameterize username and password” in the WAS API guide.

3) PASSWORD - We support these fields for Resource Owner Password
Credentials: 1) accessTokenUrl, 2) username, 3) password, 4) clientId
(optional), 5) clientSecret (optional), 6) scope (optional), and 7)
accessTokenExpiredMsgPattern (optional)

4) CLIENT_CREDS - We support these fields for Client Credentials: 1)
accessTokenUrl, 2) clientId (optional), 3) clientSecret (optional), and
4) scope (optional)

Note:

When creating an authentication record, you can specify either a Form
record (used for web application authentication) or an OAuth2 record
(used for the Swagger/Open API file authentication) in the request.
While updating an authentication record,

- Send the Form record with type as NONE if you want to set an OAuth2
record instead of a form record.

- Send OAuth2 with grant type as NONE if you want to set a Form record
instead of an OAuth2 record.

comments (text) User-defined comments.


Catalog 


Catalog Entry Count 
/qps/rest/3.0/count/was/catalog


[GET] [POST] 


Returns the total number of catalog entries in the user’s scope. 

Permissions required - You must have the WAS module enabled. You must
have the "API access" and "Access WAS module" permissions. You must have
the "WAS.CATALOG.ACCESS" permission.


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 


Click here for available operators 


Parameter Description

id (integer) The ID of the catalog entry.

ipAddress (integer) The IP address of the discovered host. We support
wild card character * for numbers in IP Address. For example,
10.11.196.* or 10.11.*.* are valid patterns for IP address.
Examples of invalid patterns: *1.123.123.123, 1*1.123.123.123 and
1*.123.123.123

port (integer) The port number of the discovered service.

source (text) The source of the catalog entries. Valid values are:
VM_SCAN, VM_MAP, and WAS_SCAN.

status (text) The status of the entry. Valid values are NEW, ROGUE,
APPROVED, IGNORED, IN_SUBSCRIPTION.

operatingSystem (text) The operating system of discovered host.

netbiosName (text) The NetBIOS name of the discovered host.

fqdn (text) The fully qualified domain name of the discovered host.

createdDate (date) The date and time when the catalog entry is created.
The date format is YYYY-MM-DDTHH:MM:SSZ. For example:
2018-05-18T10:33:54Z

updatedDate (date) The updated date and time when the catalog entry is
updated. The date format is YYYY-MM-DDTHH:MM:SSZ. For example:
2018-05-18T10:33:54Z.


Sample - Get count of catalog entries (no criteria) 


Returns the number (count) of all catalog entries in the user’s scope. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "GET" \
  "https://qualysapi.qualys.com/qps/rest/3.0/count/was/catalog"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/catalog.xsd">

<responseCode>SUCCESS</responseCode> 

<count>1355</count> 
</ServiceResponse> 


Search for a Catalog Entry 
/qps/rest/3.0/search/was/catalog


[POST] 


Returns a list of catalog entries based on the search criteria.

Permissions required - You must have the WAS module enabled. You must
have the "API access" and "Access WAS module" permissions. You must have
the "WAS.CATALOG.ACCESS" permission.


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 


Click here for available operators 


Parameter Description

id (integer) The ID of the catalog entry.

ipAddress (integer) The IP address of the discovered host. We support
wild card character * for numbers in IP Address. For example,
10.11.196.* or 10.11.*.* are valid patterns for IP address.
Examples of invalid patterns: *1.123.123.123, 1*1.123.123.123 and
1*.123.123.123

port (integer) The port number of the discovered service.

source (text) The source of the catalog entries. Valid values are:
VM_SCAN, VM_MAP, and WAS_SCAN.

status (text) The status of the entry. Valid values are NEW, ROGUE,
APPROVED, IGNORED, IN_SUBSCRIPTION.

operatingSystem (text) The operating system of discovered host.

netbiosName (text) The NetBIOS name of the discovered host.

fqdn (text) The fully qualified domain name of the discovered host.

createdDate (date) The date and time when the catalog entry is created.
The date format is YYYY-MM-DDTHH:MM:SSZ. For example:
2018-05-18T10:33:54Z

updatedDate (date) The updated date and time when the catalog entry is
updated. The date format is YYYY-MM-DDTHH:MM:SSZ. For example:
2018-05-18T10:33:54Z.


Sample - Search for catalog entries 


Let us view all catalog entries in the user’s scope for IP addresses that
match a pattern containing the wild card character *.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/catalog" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="ipAddress" 
operator="EQUALS">10.113.*.*</Criteria> 
</filters> 
</ServiceRequest> 


XML response


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/catalog.xsd">
<responseCode>SUCCESS</responseCode>
<count>2</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<Catalog>
<id>306909</id>
<ipAddress>10.113.196.192</ipAddress>
<port>443</port>
<operatingSystem>Ubuntu / Fedora / Tiny Core Linux / Linux 3.x</operatingSystem>
<source>VM_SCAN</source>
<status>ROGUE</status>
<createdDate>2018-05-18T10:33:55Z</createdDate>
<updatedDate>2020-05-19T13:50:08Z</updatedDate>
<updatedBy>
<id>1918433</id>
<username>qualys joe</username>
<firstName>
<![CDATA[qualys]]>
</firstName>
<lastName>
<![CDATA[joe]]>
</lastName>
</updatedBy>
</Catalog>
<Catalog>
<id>306906</id>
<ipAddress>10.113.196.18</ipAddress>
<port>80</port>
<operatingSystem>Windows XP Service Pack 2</operatingSystem>
<source>VM_SCAN</source>
<fqdn>10-113-196-18.bogus.tld</fqdn>
<netbiosName>SYS_10_113_196_18</netbiosName>
<status>ROGUE</status>
<createdDate>2018-05-18T10:33:55Z</createdDate>
<updatedDate>2020-05-19T13:50:08Z</updatedDate>
<updatedBy>
<id>1918433</id>
<username>qualys joe</username>
<firstName>
<![CDATA[qualys]]>
</firstName>
<lastName>
<![CDATA[joe]]>
</lastName>
</updatedBy>
</Catalog>
</data>
</ServiceResponse>
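The catalog search exchange above, as an added Python example that is not part of the Qualys guide: it builds the filter POST data with proper XML escaping, checks an ipAddress wild card pattern before it is sent, and parses the response. The function names, the octet-level reading of the wild card rule and the sample response are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Assumed reading of the wild card rule: every octet is either a number
# 0-255 or a lone "*". Mixing digits and "*" inside one octet is rejected,
# which matches the guide's invalid examples (*1.123.123.123, 1*.123.123.123).
_OCTET = re.compile(r"\*|\d{1,3}")


def is_valid_ip_pattern(pattern):
    octets = pattern.split(".")
    if len(octets) != 4:
        return False
    for octet in octets:
        if not _OCTET.fullmatch(octet):
            return False
        if octet != "*" and int(octet) > 255:
            return False
    return True


def build_search_request(criteria):
    """Build <ServiceRequest> POST data from (field, operator, value) tuples.

    The API combines multiple Criteria with a logical AND. ElementTree
    escapes the values, so "<" or "&" in a value cannot break the document.
    """
    root = ET.Element("ServiceRequest")
    filters = ET.SubElement(root, "filters")
    for field, operator, value in criteria:
        if field == "ipAddress" and not is_valid_ip_pattern(value):
            raise ValueError("invalid ipAddress pattern: %r" % value)
        node = ET.SubElement(filters, "Criteria",
                             {"field": field, "operator": operator})
        node.text = value
    return ET.tostring(root, encoding="unicode")


def _text(node, tag):
    """Return the stripped text of a child element, or None if absent."""
    value = node.findtext(tag)
    return value.strip() if value is not None else None


def parse_catalog_response(xml_text):
    """Parse a search/was/catalog <ServiceResponse> into a dict."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    code = _text(root, "responseCode")
    if code != "SUCCESS":
        raise RuntimeError("API call failed: responseCode=%s" % code)
    entries = []
    for cat in root.iterfind("data/Catalog"):
        entries.append({
            "id": int(_text(cat, "id")),
            "ipAddress": _text(cat, "ipAddress"),
            "port": int(_text(cat, "port")),
            "source": _text(cat, "source"),
            "status": _text(cat, "status"),
            "fqdn": _text(cat, "fqdn"),  # optional element, None when absent
        })
    return {
        "count": int(_text(root, "count")),
        "hasMoreRecords": _text(root, "hasMoreRecords") == "true",
        "entries": entries,
    }


def entries_with_status(parsed, status):
    """Select parsed catalog entries by status, for example ROGUE."""
    return [e for e in parsed["entries"] if e["status"] == status]


# Constructed sample, modelled on the response shown above (statuses varied).
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <responseCode>SUCCESS</responseCode>
  <count>2</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <Catalog>
      <id>306909</id>
      <ipAddress>10.113.196.192</ipAddress>
      <port>443</port>
      <source>VM_SCAN</source>
      <status>ROGUE</status>
    </Catalog>
    <Catalog>
      <id>306906</id>
      <ipAddress>10.113.196.18</ipAddress>
      <port>80</port>
      <source>VM_SCAN</source>
      <fqdn>10-113-196-18.bogus.tld</fqdn>
      <status>APPROVED</status>
    </Catalog>
  </data>
</ServiceResponse>"""

if __name__ == "__main__":
    print(build_search_request([("ipAddress", "EQUALS", "10.113.*.*")]))
    parsed = parse_catalog_response(SAMPLE_RESPONSE)
    for entry in entries_with_status(parsed, "ROGUE"):
        print(entry)
```

When hasMoreRecords is true, the result set is incomplete and the remaining records still have to be requested before the list is treated as a full inventory.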


Get Catalog Entry Details 


/qps/rest/3.0/get/was/catalog/{id}


[GET] 


View the details of a catalog entry that is in your scope. In the output,
the “Comment” tag shows the comments added by the system and the comments
added by you.


Permissions required - You must have the WAS module enabled. You must
have the "API access" and "Access WAS module" permissions. You must have
the "WAS.CATALOG.ACCESS" permission.


Input Parameters 


The element “id” (integer) is required, where “id” identifies the catalog entry. 


Sample - View details of a catalog entry 


Let us view details for the catalog entry with the ID 306904.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "GET" \
  "https://qualysapi.qualys.com/qps/rest/3.0/get/was/catalog/306904"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/catalog.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<Catalog>
<id>306904</id>
<ipAddress>10.113.196.17</ipAddress>
<port>80</port>
<operatingSystem>MacOS X 9.8.8</operatingSystem>
<source>VM_SCAN</source>
<fqdn>10-113-196-17.bogus.tld</fqdn>
<netbiosName>SYS_10_113_196_17</netbiosName>
<status>NEW</status>
<comments>
<count>4</count>
<list>
<Comment>
<contents>
<![CDATA[Web Application added from scan consolidated data from VM]]>
</contents>
<createdDate>2018-05-18T10:33:55Z</createdDate>
</Comment>
<Comment>
<contents>
<![CDATA[asdasd]]>
</contents>
<author>
<id>1918433</id>
<username>qualys joe</username>
<firstName>
<![CDATA[qualys]]>
</firstName>
<lastName>
<![CDATA[joe]]>
</lastName>
</author>
<createdDate>2020-10-22T07:47:25Z</createdDate>
</Comment>
<Comment>
<contents>
<![CDATA[Entry added to subscription as 'Catalog Web Application: 10-113-196-17.bogus.tld, Port 808']]>
</contents>
<createdDate>2020-10-12T10:16:45Z</createdDate>
</Comment>
</list>
</comments>
<createdDate>2018-05-18T10:33:55Z</createdDate>
<updatedDate>2020-10-22T07:47:25Z</updatedDate>
<updatedBy>
<id>1918433</id>
<username>qualys joe</username>
<firstName>
<![CDATA[qualys]]>
</firstName>
<lastName>
<![CDATA[joe]]>
</lastName>
</updatedBy>
</Catalog>
</data>
</ServiceResponse>


Update Catalog Entry 
/qps/rest/3.0/update/was/catalog/{id}


[POST] 


Updates the status and comments for a catalog entry which is in your scope. 
Want to find an ID of a catalog entry to use as input? See Search catalog 
entries. 


Permissions required - You must have the WAS module enabled. You must
have the "API access" and "Access WAS module" permissions. You must have
the "WAS.CATALOG.ACCESS" and "WAS.CATALOG.ENTRY.UPDATE"
permissions.


Input Parameters 


Parameter Description

id (integer) The element “id” is required, where “id” identifies a
catalog entry.

status (text) This is an optional parameter. The status can be updated
to one of these statuses: ROGUE, NEW, APPROVED and IGNORED.
IN_SUBSCRIPTION status cannot be updated using the Update API.

comments (text) This is an optional parameter. You can add comments but
you cannot update/delete existing comments.


Sample - Update a catalog entry


Let us update the status of the catalog entry with ID 368106 to ROGUE and
add a comment.


API request


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/update/was/catalog/368106" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<Catalog> 
<status>ROGUE</status> 
<comments> 
<add> 
<Comment > 
<contents> 
<![CDATA[Comment 1]]> 
</contents> 
</Comment> 
</add> 
</comments> 
</Catalog> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/catalog.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Catalog> 
<id>368106</id> 
</Catalog> 
</data> 
</ServiceResponse> 


Delete Catalog Entry 

/qps/rest/3.0/delete/was/catalog/{id}

[POST] 

Deletes a catalog entry which is in your scope. Want to find an ID of a catalog 
entry to use as input? See Search catalog entries. 

Permissions required - You must have the WAS module enabled. You must
have the "API access" and "Access WAS module" permissions. You must have
the "WAS.CATALOG.ACCESS" and "WAS.CATALOG.ENTRY.DELETE"
permissions.

Input Parameters 


The element “id” (integer) is required, where “id” identifies a catalog entry.


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 


Click here for available operators 


Parameter Description

id (integer) The ID of the catalog entry.

ipAddress (integer) The IP address of the discovered host. We support
wild card character * for numbers in IP Address. For example,
10.11.196.* or 10.11.*.* are valid patterns for IP address.
Examples of invalid patterns: *1.123.123.123, 1*1.123.123.123 and
1*.123.123.123

port (integer) The port number of the discovered service.

source (text) The source of the catalog entries. Valid values are:
VM_SCAN, VM_MAP, and WAS_SCAN.

status (text) The status of the entry. Valid values are NEW, ROGUE,
APPROVED, IGNORED, IN_SUBSCRIPTION.

operatingSystem (text) The operating system of discovered host.

netbiosName (text) The NetBIOS name of the discovered host.

fqdn (text) The fully qualified domain name of the discovered host.

createdDate (date) The date and time when the catalog entry is created.
The date format is YYYY-MM-DDTHH:MM:SSZ. For example:
2018-05-18T10:33:54Z

updatedDate (date) The updated date and time when the catalog entry is
updated. The date format is YYYY-MM-DDTHH:MM:SSZ. For example:
2018-05-18T10:33:54Z.

Sample - Delete a catalog entry 


Let us delete a catalog entry with ID 368106. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/catalog/368106"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/catalog.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Catalog> 
<id>368106</id> 
</Catalog> 
</data> 
</ServiceResponse> 


Update Entries in Catalog 
/qps/rest/3.0/updateEntries/was/catalog


[POST] 


Updates the entries in the catalog to add data discovered in the most recent 
VM scan results within your account. 


Permissions required - You must have the WAS module enabled. You must
have the "API access" and "Access WAS module" permissions. You must have
the "WAS.CATALOG.ACCESS" and "WAS.CATALOG.UPDATE" permissions.


Sample - Update entries in the catalog 


Let us update the catalog entries with the data discovered in the most
recent VM scan results.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  "https://qualysapi.qualys.com/qps/rest/3.0/updateEntries/was/catalog"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/catalog.xsd">

<responseCode>SUCCESS</responseCode> 
</ServiceResponse> 


Add to Subscription 


/qps/rest/3.0/addToSubscription/was/catalog/{id} 


[POST]


Adds a web application entry to subscription to create a web application.


Permissions required - You must have the WAS module enabled. You must
have the "API access" and "Access WAS module" permissions. You must have
the "WAS.CATALOG.ACCESS" and
"WAS.CATALOG.ENTRY.ADD_TO_SUBSCRIPTION" permissions.


Input Parameters 


The element “id” (integer) is required, where “id” identifies the catalog entry. 


Sample - Add a catalog entry to subscription 


Let us add the catalog entry with id 306904 to subscription.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  "https://qualysapi.qualys.com/qps/rest/3.0/addToSubscription/was/catalog/306904"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/version.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<success> 
<ids>413904, 413906</ids> 
<count>1</count> 


</success> 
<duplicate> 
<count>1</count> 
<ids>413905</ids> 
</duplicate> 
<error> 
<count>2</count> 
<errorMessage>Invalid URL for web application catalog 
entries: 413907Some error occurred for web application 
catalog entries:413908 
</errorMessage> 
</error> 
</data> 
</ServiceResponse> 


Scans 


Scan Count 

/qps/rest/3.0/count/was/wasscan

[GET] [POST] 

Returns the total number of scans in the user’s account. Input elements are
optional and are used to filter the number of scans included in the count.

Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access”. The count
includes scans in the user's scope.


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 


Click here for available operators 


Parameter Description

id (integer) The scan ID.

name (text) The scan name.

webApp.name (text) The name of the web application being scanned.

webApp.id (integer) The ID of the web application being scanned.

webApp.tags (with operator="NONE") (integer) The tags associated with
the web application being scanned.

webApp.tags.id (integer) The tag ID assigned to web application being
scanned.

reference (text) Scan Reference ID.

launchedDate (date) The date and time when the scan was launched in UTC
date/time format (YYYY-MM-DDTHH:MM:SSZ).

type (keyword) The scan type: VULNERABILITY or DISCOVERY.

mode (keyword) The mode of the scan: ONDEMAND, SCHEDULED or API.

status (keyword) The status of the scan: SUBMITTED, RUNNING, FINISHED,
ERROR, CANCELED, PROCESSING.

authStatus (keyword) Indicates the status of the authentication record:
NONE, NOT_USED, SUCCESSFUL, FAILED or PARTIAL.

resultsStatus (keyword) The status of the scan: NOT_USED,
TO_BE_PROCESSED, NO_HOST_ALIVE, NO_WEB_SERVICE, SERVICE_ERROR,
TIME_LIMIT_REACHED, SCAN_INTERNAL_ERROR, SCAN_RESULTS_INVALID,
SUCCESSFUL, PROCESSING, TIME_LIMIT_EXCEEDED, SCAN_NOT_LAUNCHED,
SCANNER_NOT_AVAILABLE, SUBMITTED, RUNNING, FINISHED, CANCELED,
CANCELING, ERROR, DELETED, CANCELED_WITH_RESULTS.


Sample - Get count of scans in user's account 


Return a count of all scans in the user’s account. 


API request 


curl -u "USERNAME:PASSWORD" \
  "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscan"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">

<responseCode>SUCCESS</responseCode> 

<count>534</count> 
</ServiceResponse> 


Sample - Get count of scans with certain criteria 


Return a count of scans that match all the criteria defined in the request POST 
data: 1) scan name contains the word “Schedule”, 2) scan type is 
“VULNERABILITY”, 3) the scanned web application contains the word 
“Merchant”, and 4) the scan status is equal to “FINISHED”. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">Schedule</Criteria> 
<Criteria field="type" operator="EQUALS">VULNERABILITY</Criteria>
<Criteria field="webApp.name" operator="CONTAINS">Merchant</Criteria>
<Criteria field="status" operator="EQUALS">FINISHED</Criteria> 
</filters> 
</ServiceRequest> 


XML response


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">

<responseCode>SUCCESS</responseCode> 

<count>1</count> 
</ServiceResponse> 


Sample - Get the count of scans of web applications without tags 


Return a count of scans of web applications that do not have any tags 
assigned. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="webApp.tags" operator="NONE"></Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">

<responseCode>SUCCESS</responseCode>

<count>1</count>
</ServiceResponse>


Sample - Get the count of scans of web applications with few tags 


Return a count of scans of web applications that have certain tags assigned. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="webApp.tags.id" 
operator="EQUALS">1516928</Criteria> 
<Criteria field="webApp.tags.id" 
operator="EQUALS">1234567</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">

<responseCode>SUCCESS</responseCode> 

<eoune - | 5</count> 
</ServiceResponse> 


XSD 
<platform API server>/qps/xsd/3.0/was/wasscan.xsd 


Search Scans 

/qps/rest/3.0/search/was/wasscan

[POST] 

Returns a list of scans on web applications which are in the user’s scope.

Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access”. The output
includes scans in the user's scope.


Input Parameters 

These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. Click here for 
descriptions of <WebApp> elements 


The special field=attributes attribute for the Criteria element is used to search 
custom attributes (see sample below). 


Click here for available operators 


Parameter Description

id (integer) The scan ID.

name (text) The scan name.

webApp.name (text) The name of the web application being scanned.

webApp.id (integer) The ID of the web application being scanned.

webApp.tags (with operator="NONE") (integer) The tags associated with
the web application being scanned.

webApp.tags.id (integer) The tag ID assigned to web application being
scanned.

reference (text) Scan Reference ID.

launchedDate (date) The date and time when the scan was launched in UTC
date/time format (YYYY-MM-DDTHH:MM:SSZ).

type (keyword) The scan type: VULNERABILITY or DISCOVERY.

mode (keyword) The mode of the scan: ONDEMAND, SCHEDULED or API.

status (keyword) The status of the scan: SUBMITTED, RUNNING, FINISHED,
ERROR, CANCELED, PROCESSING.

authStatus (keyword) Indicates the status of the authentication record:
NONE, NOT_USED, SUCCESSFUL, FAILED or PARTIAL.

resultsStatus (keyword) The status of the scan: NOT_USED,
TO_BE_PROCESSED, NO_HOST_ALIVE, NO_WEB_SERVICE, SERVICE_ERROR,
TIME_LIMIT_REACHED, SCAN_INTERNAL_ERROR, SCAN_RESULTS_INVALID,
SUCCESSFUL, PROCESSING, TIME_LIMIT_EXCEEDED, SCAN_NOT_LAUNCHED,
SCANNER_NOT_AVAILABLE, SUBMITTED, RUNNING, FINISHED, CANCELED,
CANCELING, ERROR, DELETED, CANCELED_WITH_RESULTS.


Sample - List running scans 


Let us view a list of all running scans in the user’s account. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data.


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="status" operator="EQUALS">RUNNING</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode>
<count>2</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WasScan>
<id>13101</id>
<name><![CDATA[Vulnerability Scan - 2017-02-24]]></name>
<reference>was/1298538355659.20994</reference>
<type>VULNERABILITY</type>
<mode>ONDEMAND</mode>
<profile>
<id>1072</id>
<name><![CDATA[Initial WAS Options]]></name>
</profile>
<launchedDate>2017-02-24T10:05:55Z</launchedDate>
<launchedBy>
<id>123056</id>
<username>username</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</launchedBy>
<status>RUNNING</status>
</WasScan>
<WasScan>
<id>13102</id>
<name><![CDATA[Vulnerability Scan - 2017-02-24]]></name>
<reference>was/1298541157873.20995</reference>
<type>VULNERABILITY</type>
<mode>ONDEMAND</mode>
<profile>
<id>1072</id>
<name><![CDATA[Initial WAS Options]]></name>
</profile>
<launchedDate>2017-02-24T10:52:37Z</launchedDate>
<launchedBy>
<id>123056</id>
<username>username</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</launchedBy>
<status>RUNNING</status>
</WasScan>
</data>
</ServiceResponse>


Sample - List scans with successful authentication 


Let us view a list of scans in the user’s account that successfully authenticated 
to the target web application. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="authStatus" 
operator="EQUALS">SUCCESSFUL</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode>
<count>2</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WasScan>
<id>13096</id>
<name><![CDATA[Web Vulnerability Scan - 2017-02-23]]></name>
<reference>was/1298475533625.20931</reference>
<type>VULNERABILITY</type>
<mode>ONDEMAND</mode>
<profile>
<id>1072</id>
<name><![CDATA[Initial WAS Options]]></name>
</profile>
<launchedDate>2017-02-23T16:38:53Z</launchedDate>
<launchedBy>
<id>123056</id>
<username>username</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</launchedBy>
<status>FINISHED</status>
</WasScan>
<WasScan>
<id>13116</id>
<name><![CDATA[Relaunch Vulnerability Scan - 2017-02-23]]></name>
<reference>was/1298558684177.21009</reference>
<type>VULNERABILITY</type>
<mode>ONDEMAND</mode>
<profile>
<id>1072</id>
<name><![CDATA[Initial WAS Options]]></name>
</profile>
<launchedDate>2017-02-24T15:44:44Z</launchedDate>
<launchedBy>
<id>123056</id>
<username>username</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</launchedBy>
<status>FINISHED</status>
</WasScan>
</data>
</ServiceResponse>


Sample - List scans for web applications without tags 


Return a list of scans of web applications that do not have any tags assigned. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="webApp.tags" operator="NONE"></Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WasScan>
<id>2208317</id>
<name>
<![CDATA[1538976557822_Scan16]]>
</name>
<reference>was/1538976670564.372113</reference>
<type>VULNERABILITY</type>
<mode>API</mode>
<multi>false</multi>
<target>
<webApp>
<id>1472824</id>
<name>
<![CDATA[web app 1538976530195]]>
</name>
<url>
<![CDATA[http://10.11.72.39]]>
</url>
</webApp>
<scannerAppliance>
<type>INTERNAL</type>
<friendlyName>
<![CDATA[John_doe]]>
</friendlyName>
</scannerAppliance>
<cancelOption>SPECIFIC</cancelOption>
<randomizeScan>false</randomizeScan>
</target>
<profile>
<id>458470</id>
<name>
<![CDATA[My Option Profile - with defaults 1538976530177]]>
</name>
</profile>
<launchedDate>2018-10-08T05:31:10Z</launchedDate>
<launchedBy>
<id>406790</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</launchedBy>
<status>SUBMITTED</status>
</WasScan>
</data>
</ServiceResponse>


Sample - List scans for web applications with tags 


Return a list of scans of web applications that have certain tags assigned. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data.


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="webApp.tags.id" 
operator="EQUALS">8158322</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance' 
xSi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3. 
@/was/wasscan.xsd"> 

<responseCode>SUCCESS</responseCode> 


<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<WasScan> 
<id>2208317</id> 
<name> 
<! [CDATA[1538976557822 Scan16] ]> 
</name> 


<reference>was/1538976670564.372113</reference> 
<type>VULNERABILITY</type> 
<mode>API</mode> 
<multi>false</multi> 
<target> 
<webApp> 
<id>1472824</id> 
<name> 
<![CDATA[web app 1538976530195] ]> 
</name> 
<url> 
<![CDATA[http://10.11.72.39]]> 
</url> 
</webApp> 
<scannerAppliance> 
<type>INTERNAL</type> 
<friendlyName> 
<! [CDATA[John_doe] ]> 


</friendlyName> 
</scannerAppliance> 
<cancelOption>SPECIFIC</cancelOption> 
<randomizeScan>false</randomizeScan> 
</target> 
<profile> 
<id>458470</id> 
<name> 
<![CDATA[My Option Profile - with defaults 
1538976530177]]>
</name> 
</profile> 
<launchedDate>2018-10-08T05:31:10Z</launchedDate> 
<launchedBy> 
<id>406790</id> 
<username>user_john</username> 
<firstName> 
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName> 
</launchedBy> 
<status>SUBMITTED</status> 
</WasScan> 
</data> 
</ServiceResponse> 


Sample - List canceled scan 


Let us search for a scan whose response shows the user who canceled the scan.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="id" operator="IN">1447989</Criteria> 


</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/scan.xsd">

<responseCode>SUCCESS</responseCode> 


<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<WasScan> 
<id>1447989</id>
<name> 
<![CDATA[My Vulnerability Scan]]> 
</name> 


<reference>was/1446408743390.1856849</reference> 
<type>VULNERABILITY</type> 
<mode>ONDEMAND</mode> 
<multi>false</multi> 
<target> 
<webApp> 
<id>2431279</id> 
<name> 
<![CDATA[127.0.0.1]]>
</name>
<url>
<![CDATA[http://127.0.0.1/]]>
</url> 
</webApp> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
<cancelOption>SPECIFIC</cancelOption> 
</target> 
<profile> 
<id>28147</id> 
<name> 
<![CDATA[My Option Profile]]>
</name> 
</profile> 
<launchedDate>2017-11-01T20:12:23Z</launchedDate> 
<launchedBy> 
<id>2226741</id> 


<username>user_ak1</username> 
<firstName> 
<![CDATA[Amy]]>
</firstName>
<lastName>
<![CDATA[Kim]]>
</lastName> 
</launchedBy> 
<status>CANCELED</status> 
<cancelMode>USER</cancelMode> 


<canceledBy> 
<id>9872437571</id> 
<username>user_bb5</username> 
</canceledBy> 
</WasScan> 
</data> 
</ServiceResponse> 
XSD 


<platform API server>/qps/xsd/3.0/was/wasscan.xsd 


Get Scan Details 
/qps/rest/3.0/get/was/wasscan/<id>


[GET] 


View details for a scan on a web application which is in the user’s scope. Want 
to find a scan ID to use as input? See Search scans. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes authentication records in the user's scope. 


Input Parameters 
The element “id” (integer) is required, where “id” identifies the scan. 


Click here for available operators 


Sample - List scan details 


Let us view details for the scan with the ID 1447989. 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscan/1447989"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WasScan> 
<id>1447989</id>
<name> 
<![CDATA[My Vulnerability Scan]]> 


</name> 
<reference>was/1446408743390.1856849</reference> 
<type>VULNERABILITY</type> 
<mode>ONDEMAND</mode>
<progressiveScanning>false</progressiveScanning> 
<multi>false</multi> 
<target> 
<webApp> 
<id>2431279</id> 
<name> 
<![CDATA[127.0.0.1]]>
</name>
<url>
<![CDATA[http://127.0.0.1/]]>
</url> 
</webApp> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
<cancelOption>SPECIFIC</cancelOption> 
</target> 
<profile> 
<id>28147</id> 
<name> 
<![CDATA[My Option Profile]]>
</name> 
</profile> 
<options> 
<count>15</count> 
<list> 
<WasScanOption>
<name>My Authentication Record</name>
<value>
<![CDATA[None]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Unexpected Error Threshold</name>
<value>
<![CDATA[48]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Sensitive Content: Credit Card Numbers</name>
<value>
<![CDATA[false]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Performance Settings</name>
<value>
<![CDATA[MEDIUM]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Scanner Appliance</name>
<value>
<![CDATA[External]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Detection Scope</name>
<value>
<![CDATA[COMPLETE]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Crawling Form Submissions</name>
<value>
<![CDATA[NONE]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Bruteforce Settings</name>
<value>
<![CDATA[MINIMAL]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Option Profile Name</name>
<value>
<![CDATA[My Option Profile]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Maximum Crawling Links</name>
<value>
<![CDATA[300]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Timeout Error Threshold</name>
<value>
<![CDATA[20]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Web Application Name</name>
<value>
<![CDATA[127.0.0.1]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Request Parameter Set</name>
<value>
<![CDATA[Initial Parameters]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Sensitive Content: Social Security Numbers (US)</name>
<value>
<![CDATA[false]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Target URL</name>
<value>
<![CDATA[http://127.0.0.1/]]>
</value>
</WasScanOption>
</list>
</options> 
<launchedDate>2017-11-01T20:12:23Z</launchedDate> 
<launchedBy> 

<id>2226741</id> 

<username>user_ak1</username> 

<firstName> 


<![CDATA[Amy]]>


</firstName> 
<lastName> 


<![CDATA[Kim]]>


</lastName> 
</launchedBy> 
<status>CANCELED</status> 
<cancelMode>USER</cancelMode> 
<canceledBy> 


<id>9872437571</id> 
<username>user_bb5</username> 
</canceledBy> 
<sendMail>true</sendMail> 
<sendOneMail>true</sendOneMail> 
</WasScan> 
</data> 
</ServiceResponse> 


Sample - List scan details with DNS override settings 


When a scan has DNS override settings defined, the dnsOverride element lists 
DNS override settings (one or more records) used for scanning. 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscan/1381602"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">

<responseCode>SUCCESS</responseCode> 


<count>1</count> 
<data> 
<WasScan> 
<id>1381602</id> 
<name> 
<![CDATA[My Scan]]>
</name> 


<reference>was/1443153045656.1850463.1</reference>
<type>DISCOVERY</type>
<mode>ONDEMAND</mode>
<multi>false</multi> 
<target> 
<webApp> 
<id>1932867</id> 
<name> 
<![CDATA[19.10.10.2]]> 
</name> 
<url> 
<![CDATA[http://10.10.19.2/]]> 


</url> 
</webApp> 
<dnsOverride> 
<id>1421</id> 
<name> 
<![CDATA[DNS Override Settings 1]]> 
</name> 
</dnsOverride> 
<scannerAppliance> 
>> 


Sample - Get details of a progressive scan 


The progressiveScanning element will be included in the call response, if 
Progressive Scanning is enabled for the subscription. For all scans launched 
before this feature was enabled, the value “false” will be returned. 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscan/31397"


XML response 


<ServiceResponse
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WasScan> 
<id>31397</id> 
<name> 
<![CDATA[Relaunch Relaunch Web Application 
Vulnerability Scan - 2018-08-13]]>
</name>
<reference>was/1413891468597.1792880</reference>
<type>VULNERABILITY</type> 
<mode>ONDEMAND</mode> 
<progressiveScanning>true</progressiveScanning> 


XSD 


<platform API server>/qps/xsd/3.0/was/wasscan.xsd 


Launch Scans (Single) 
/qps/rest/3.0/launch/was/wasscan/


[POST] 


We've enhanced the ability to support large web application scanning 
programs by adding the ability to scan any number of web applications as a 
Multi-Scan through API. This feature enables you to scan hundreds or even 
thousands of web applications you may have in your organization with 
granular insight into what scans are running and which ones are complete. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Launch 
WAS Scan”. The output includes scan targets in the user's scope. 


Input Parameters 
These elements are optional and act as filters. When multiple elements are
specified, parameters are combined using a logical AND. The special
field=attributes attribute for the Criteria element is used to search custom
attributes (see sample below).


Click here for available operators 


Parameter Description

name (text) The scan name.

webApps.id or tags.id¹ (integer) The web applications to be scanned.
webApps.id: Specify the web application ID to include it in the scan.
tags.id: Specify the tag ID associated with the web applications to be
scanned.

type (keyword) The scan type: VULNERABILITY or DISCOVERY.

profile.id² (integer) The name of the option profile that includes scan
settings. The service provides the profile “Initial WAS Options” and we
recommend this to get started.
Example:
<profile>
<name>Initial WAS Options</name>
</profile>

target.scannerAppliance.type (keyword) The type of scanner appliance used
for the scan: EXTERNAL or INTERNAL or scannerTags.

target.scannerAppliance.friendlyName (text) Name of the scanner appliance
used for the scan.

target.scannerTags.set.Tag.id (integer) The scanner associated with the tag
(identified by the specified tag ID) is picked for the scan.

target.webAppAuthRecord.id or target.webAppAuthRecord.isDefault Decides the
authentication record to be used for the scan.
target.webAppAuthRecord.id (integer): Specify the web application’s
authentication record ID to use the specific authentication record.
target.webAppAuthRecord.isDefault (boolean): Set to true to use the default
web application's authentication record for the scan.

proxy.id (integer) The proxy for scanning the target web application.
Example:
<proxy>
<id>12345</id>
</proxy>

dnsOverride.id (integer) The DNS override record for scanning the target web
application.
Example:
<dnsOverride>
<id>67898</id>
</dnsOverride>

sendMail (boolean) Set to false to disable scan complete email notifications.
Example: <sendMail>false</sendMail>


¹ The element target must have at least tags or web applications specified.


² The element profile (Text) is required unless the target has a default option
profile.


Sample - Launch a new scan - basic elements 


Launch a new discovery scan on the web application ID 323126 using the 
option profile ID 1021. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WasScan> 
<name>New WAS Discovery Scan launched from API</name> 
<type>DISCOVERY</type> 
<target> 
<webApp> 
<id>323126</id> 
</webApp> 
<webAppAuthRecord> 
<isDefault>true</isDefault>
</webAppAuthRecord> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
</target> 
<profile> 
<id>1021</id> 
</profile> 
</WasScan> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WasScan> 
<id>16954</id> 
</WasScan> 
</data> 
</ServiceResponse> 


Sample - Launch a new scan - use proxy 


Launch a new vulnerability scan using proxy ID 12345. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceRequest> 
<data> 
<WasScan> 
<name>New WAS Vulnerability Scan launched from API</name> 
<type>VULNERABILITY</type> 
<target> 
<webApp> 
<id>323126</id> 
</webApp> 
<scannerAppliance> 
<type>INTERNAL</type> 
<friendlyName>dp_scanner</friendlyName> 
</scannerAppliance> 
<proxy> 
<id>12345</id> 
</proxy> 
</target> 
<profile> 
<id>1021</id> 
</profile> 
</WasScan> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WasScan> 
<id>16954</id> 
</WasScan> 
</data> 


</ServiceResponse> 


Sample - Launch a new scan - assign multiple scanner appliances 


Let us launch a new discovery scan on the web application ID 522066 and 
assign the pool of scanners using asset tag. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WasScan> 
<name><![CDATA[Scan With Pool of Internal Scanners]]></name>
<type>DISCOVERY</type> 
<target> 
<webApp> 
<id>522066</id> 
</webApp> 
<scannerTags> 
<set>
<Tag>
<id>154153533111472</id>
</Tag> 
</set> 
</scannerTags> 
</target> 
</WasScan> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/scan.xsd">

<responseCode>SUCCESS</responseCode> 


<count>1</count> 


<data> 


<WasScan> 


<id>1731352</id> 
<name><![CDATA[Scan With Pool of Internal Scanners]]></name>
<reference>was/1484222839357.1955345</reference>
<type>DISCOVERY</type>
<mode>ONDEMAND</mode>
<progressiveScanning>true</progressiveScanning>
<multi>true</multi>
<target>
<webApps>
<list>
<WebApp>
<id>522066</id>
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
</WebApp>
</list>
</webApps>
<scannerTags>
<set>
<Tag>
<id>8461819</id>
<name><![CDATA[TagForScanner]]></name>
</Tag>
</set>
</scannerTags>
<cancelOption>DEFAULT</cancelOption>
</target>
<profile>
<id>194283</id>
<name>
<![CDATA[Initial WAS Options]]>
</name>
</profile>
<options>
<count>14</count>
<list>
<WasScanOption>
<name>Web Application Authentication Record Name</name>
<value><![CDATA[None]]></value>
</WasScanOption>
<WasScanOption>
<name>Unexpected Error Threshold</name>
<value>
<![CDATA[300]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Sensitive Content: Credit Card Numbers</name>
<value>
<![CDATA[false]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Performance Settings</name>
<value>
<![CDATA[LOW]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Detection Scope</name>
<value>
<![CDATA[COMPLETE]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Crawling Form Submissions</name>
<value>
<![CDATA[BOTH]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Bruteforce Settings</name>
<value>
<![CDATA[DISABLED]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Option Profile Name</name>
<value>
<![CDATA[Initial WAS Options]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Maximum Crawling Links</name>
<value>
<![CDATA[300]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Timeout Error Threshold</name>
<value>
<![CDATA[100]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Web Application Name</name>
<value>
<![CDATA[My Web Application]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Request Parameter Set</name>
<value>
<![CDATA[Initial Parameters]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Sensitive Content: Social Security Numbers (US)</name>
<value>
<![CDATA[false]]>
</value>
</WasScanOption>
<WasScanOption>
<name>Target URL</name>
<value>
<![CDATA[http://mywebapp.com]]>
</value>
</WasScanOption>
</list>
</options>
<launchedDate>2017-01-12T12:07:19Z</launchedDate>
<launchedBy>
<id>1056860</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</launchedBy> 
<status>SUBMITTED</status> 
<sendMail>true</sendMail> 


</WasScan> 
</data> 


</ServiceResponse> 


Sample - Launch a new scan - progressive scanning 


The user can set the progressiveScanning option to true or false for the 
vulnerability scan, if Progressive Scanning is enabled for the subscription. If 
the option is not set for a scan, the Progressive Scanning setting for the web 
application is used. Note this option is not supported for a discovery scan. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WasScan> 
<name>New WAS Vulnerability Scan launched from API</name> 
<type>VULNERABILITY</type> 
<target> 
<webApp> 
<id>322126</id>
</webApp> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
</target> 
<profile> 
<id>1021</id> 
</profile> 
<cancelAfterNHours>5</cancelAfterNHours> 
<progressiveScanning>false</progressiveScanning> 
</WasScan> 
</data> 
</ServiceRequest> 


XML response 
<?xml version="1.0" encoding="UTF-8"?> 


<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WasScan> 
<id>16954</id> 
</WasScan> 
</data> 
</ServiceResponse> 


If Progressive Scanning is not enabled for the subscription, the
progressiveScanning element must not be provided; otherwise an error is
returned.


XML response (error) 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>INVALID_REQUEST</responseCode>
<responseErrorDetails> 
<errorMessage>Progressive scanning is not enabled in your 
subscription.</errorMessage> 
<errorResolution>Please check with your account manager to 
enable this option.</errorResolution> 
</responseErrorDetails> 
</ServiceResponse> 
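

The launch samples above all follow one pattern: post a ServiceRequest, then read responseCode and either the new scan id or responseErrorDetails. The sketch below is an added example, not Qualys code: the function and class names are hypothetical, the two sample responses are constructed from the ones shown in this guide, and it builds the request with an XML library so a scan name containing markup characters cannot alter the request structure.

```python
"""Added example: build a WAS launch request and parse the ServiceResponse."""
import xml.etree.ElementTree as ET

# Constructed sample responses, modelled on the XML shown in this guide.
SAMPLE_SUCCESS = b"""<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data><WasScan><id>16954</id></WasScan></data>
</ServiceResponse>"""

SAMPLE_ERROR = b"""<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <responseCode>INVALID_REQUEST</responseCode>
  <responseErrorDetails>
    <errorMessage>Progressive scanning is not enabled in your
      subscription.</errorMessage>
    <errorResolution>Please check with your account manager to
      enable this option.</errorResolution>
  </responseErrorDetails>
</ServiceResponse>"""


class WasApiError(Exception):
    """Raised when responseCode is anything other than SUCCESS."""

    def __init__(self, code, message, resolution):
        super().__init__(f"{code}: {message}")
        self.code, self.message, self.resolution = code, message, resolution


def _child(parent, tag, text=None):
    node = ET.SubElement(parent, tag)
    if text is not None:
        node.text = str(text)
    return node


def build_launch_request(name, scan_type, webapp_ids, profile_id,
                         scanner_type="EXTERNAL", progressive=None):
    """Return the ServiceRequest XML for a single scan or a multi-scan."""
    if scan_type not in ("VULNERABILITY", "DISCOVERY"):
        raise ValueError("type must be VULNERABILITY or DISCOVERY")
    ids = [int(i) for i in webapp_ids]  # ids are integers in the API
    if not ids:
        raise ValueError("target needs at least one web application")
    if progressive is not None and scan_type == "DISCOVERY":
        raise ValueError("progressiveScanning is not supported for a discovery scan")

    root = ET.Element("ServiceRequest")
    scan = _child(_child(root, "data"), "WasScan")
    _child(scan, "name", name)  # ElementTree escapes &, < and > in the text
    _child(scan, "type", scan_type)
    target = _child(scan, "target")
    if len(ids) == 1:
        _child(_child(target, "webApp"), "id", ids[0])
    else:  # several ids: the multi-scan form with <webApps><set>
        app_set = _child(_child(target, "webApps"), "set")
        for app_id in ids:
            _child(_child(app_set, "WebApp"), "id", app_id)
    _child(_child(target, "scannerAppliance"), "type", scanner_type)
    _child(_child(scan, "profile"), "id", int(profile_id))
    if progressive is not None:
        _child(scan, "progressiveScanning", "true" if progressive else "false")
    return ET.tostring(root, encoding="unicode")


def parse_scan_id(response):
    """Return the scan id from a launch response, or raise WasApiError."""
    data = response.encode("utf-8") if isinstance(response, str) else response
    if b"<!DOCTYPE" in data:  # the documented responses never carry a DTD
        raise ValueError("unexpected DOCTYPE in API response")
    root = ET.fromstring(data)
    code = (root.findtext("responseCode") or "").strip()
    if code != "SUCCESS":
        details = root.find("responseErrorDetails")

        def text(tag):
            raw = details.findtext(tag) if details is not None else None
            return " ".join((raw or "").split())  # undo line wrapping

        raise WasApiError(code, text("errorMessage"), text("errorResolution"))
    scan_id = root.findtext("data/WasScan/id")
    if scan_id is None:
        raise ValueError("SUCCESS response without data/WasScan/id")
    return int(scan_id)


if __name__ == "__main__":
    print(build_launch_request("New WAS Discovery Scan launched from API",
                               "DISCOVERY", [323126], 1021))
    print(parse_scan_id(SAMPLE_SUCCESS))
    try:
        parse_scan_id(SAMPLE_ERROR)
    except WasApiError as err:
        print(err.code, "|", err.message, "|", err.resolution)
```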


XSD 


<platform API server>/qps/xsd/3.0/was/wasscan.xsd 


Launch Scan (Multiple) 
/qps/rest/3.0/launch/was/wasscan


[POST] 


We've enhanced the ability to support large web application scanning 
programs by adding the ability to scan any number of web applications as a 
Multi-Scan through API. This feature enables you to scan hundreds or even 
thousands of web applications you may have in your organization with 
granular insight into what scans are running and which ones are complete. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and "Launch 
WAS Scan". The output includes scan targets in the user's scope. 

Input Parameters 

These elements are optional and act as filters. When multiple elements are
specified, parameters are combined using a logical AND. Click here for
descriptions of <WebApp> elements.


The special field=attributes attribute for the Criteria element is used to search 
custom attributes (see sample below). 


Click here for available operators 


Parameter Description

name (text) The scan name.

target.webApp.id (integer) The ID of the web application being scanned.

target.tags.excluded.option (keyword: ALL or ANY) Decides which web
applications should be excluded from the scan.
ALL: Only the web applications associated with all the specified tags are
excluded from the scan.
ANY: Only the web applications associated with any of the specified tags are
excluded from the scan.

target.tags.excluded.tagList.Tag.id (integer) The web applications associated
with the tag (identified by the specified tag ID) are excluded from the scan.

target.tags.included.option (keyword: ALL or ANY) Decides which web
applications should be included in the scan.
ALL: Only the web applications associated with all the specified tags are
included in the scan.
ANY: Only the web applications associated with any of the specified tags are
included in the scan.

target.tags.included.tagList.Tag.id (integer) The web applications associated
with the tag (identified by the specified tag ID) are included in the scan.

options (keyword: ANY, ALL) Decides which web applications should be included
or excluded from the scan.
ALL: Only the web applications associated with all the specified tags are
excluded from the scan.
ANY: Only the web applications associated with any of the specified tags are
excluded from the scan.

type (keyword: EXTERNAL or INTERNAL or scannerTags) Type of the scanner
appliance to be used for the scan.

profile.id² (integer) The name of the option profile that includes scan
settings. The service provides the profile “Initial WAS Options” and we
recommend this to get started.
Example:
<profile>
<name>Initial WAS Options</name>
</profile>

target.authRecordOption (integer) Defines the authentication record to be used
during the scan.
Set to SPECIFIC - Always use the authRecord passed while launching the scan.
Set to DEFAULT - Forces the use of the authRecord, if set, else fall back to
the one passed in to the API while launching the scan.

target.profileOption (keyword: ALL or ANY) Defines the option profile to be
used during the scan.
Set to SPECIFIC - Always use the optionProfile passed while launching the
scan.
Set to DEFAULT - Forces the use of the optionProfile if set, else fall back to
the one passed in to the API while launching the scan.

target.scannerOption (integer) Defines the scanner appliance to be used during
the scan.
Set to SPECIFIC - Always use the scanner passed while launching the scan.
Set to DEFAULT - Forces the use of the scanner if set, else fall back to the
one passed in to the API while launching the scan.

<cancelOption>
Set to DEFAULT - Forces the use of the target web application's cancelScans
option if set, else fall back to the one passed in to the API while launching
the scan.
Set to SPECIFIC - Always use the cancel scan option passed while launching the
scan.

sendMail (boolean) Set to false to disable scan complete email notifications.
Example: <sendMail>false</sendMail>

sendOneMail (boolean) Set to true to send one email upon multi-scan
completion. Set to false to send one email upon completion of each individual
scan.
Example: <sendOneMail>true</sendOneMail>
Note: sendOneMail is valid only when sendMail = true for a multi-scan
(multiple web applications being scanned). If sendMail is set to false,
sendOneMail will be ignored.


¹ The element target must have at least tags or web applications specified.


² The element profile (Text) is required unless the target has a default option
profile.


Sample - Launch a new scan - basic elements 


Launch a new discovery scan on the web application ID 4330527 and 
4330538 using the option profile ID 1070535. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WasScan> 
<name>1497343127459 Scan7</name> 
<type>DISCOVERY</type> 
<target> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
<webApps> 
<set> 
<WebApp> 
<id>4330527</id> 
</WebApp> 
<WebApp> 
<id>4330338</id> 
</WebApp> 
</set> 
</webApps> 
<profileOption>DEFAULT</profileOption> 
</target> 
<profile> 
<id>1070535</id> 
</profile> 
</WasScan> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">

<responseCode>SUCCESS</responseCode> 

<count>1</count> 

<data> 

<WasScan> 


<id>2281862</id> 
</WasScan> 
</data> 
</ServiceResponse> 


Sample - Launch a multi-scan using tags 


Let’s launch a multi-scan for all the web applications associated with the tags
specified in the request filter.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceRequest> 
<data> 
<WasScan> 
<name>1497343127649 Scan9</name> 
<type>DISCOVERY</type> 


<target> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
<tags> 
<included> 
<option>ALL</option> 
<tagList> 
<set> 
<Tag><id>12017424</id></Tag> 
<Tag><id>12017228</id></Tag> 
</set> 
</tagList> 
</included> 
<excluded> 
<option>ANY</option> 
<tagList> 
<set> 


<Tag> 


<id>12017228</id> 
</Tag> 
</set> 
</tagList> 
</excluded> 
</tags> 
<scannerOption>DEFAULT</scannerOption> 
</target> 
<profile> 
<id>1070535</id> 
</profile> 
</WasScan> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WasScan> 
<id>2281863</id> 
</WasScan> 
</data> 
</ServiceResponse> 
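

Before launching a multi-scan by tag it helps to check locally which web applications the included and excluded filters would select, so the scan stays inside the intended scope. The sketch below is an added example, not Qualys code: it models the ALL/ANY semantics from the parameter table and assumes that exclusion is applied after inclusion, which this guide does not state. The inventory and the function names are constructed.

```python
"""Added example: model the included/excluded tag filters of a WAS multi-scan."""
import xml.etree.ElementTree as ET

OPTIONS = ("ALL", "ANY")

# Constructed inventory: web application id -> ids of the tags assigned to it.
# The tag ids are the ones used in the sample request above.
INVENTORY = {
    101: {12017424, 12017228},
    102: {12017424},
    103: {12017228},
    104: set(),
}


def _matches(app_tags, wanted, option):
    """True if the web application's tags satisfy the ALL/ANY rule."""
    if option not in OPTIONS:
        raise ValueError("option must be ALL or ANY")
    wanted = {int(t) for t in wanted}
    if not wanted:
        return False
    if option == "ALL":
        return wanted <= app_tags      # every listed tag is assigned
    return bool(wanted & app_tags)     # at least one listed tag is assigned


def select_webapps(inventory, included, include_option="ANY",
                   excluded=(), exclude_option="ANY"):
    """Return the sorted ids the filters select (assumption: exclusion wins)."""
    selected = []
    for app_id, tags in inventory.items():
        tags = set(tags)
        if not _matches(tags, included, include_option):
            continue
        if _matches(tags, excluded, exclude_option):
            continue
        selected.append(app_id)
    return sorted(selected)


def tags_element(included, include_option="ANY",
                 excluded=(), exclude_option="ANY"):
    """Build the <tags> element in the shape of the sample request."""
    tags = ET.Element("tags")
    for label, ids, option in (("included", included, include_option),
                               ("excluded", excluded, exclude_option)):
        if not ids:
            continue
        if option not in OPTIONS:
            raise ValueError("option must be ALL or ANY")
        branch = ET.SubElement(tags, label)
        ET.SubElement(branch, "option").text = option
        tag_set = ET.SubElement(ET.SubElement(branch, "tagList"), "set")
        for tag_id in ids:
            tag = ET.SubElement(tag_set, "Tag")
            ET.SubElement(tag, "id").text = str(int(tag_id))
    return ET.tostring(tags, encoding="unicode")


if __name__ == "__main__":
    include, exclude = [12017424, 12017228], [12017228]
    scope = select_webapps(INVENTORY, include, "ALL", exclude, "ANY")
    print("selected web applications:", scope)
    if not scope:
        print("filters select nothing; review the tag lists before launching")
    print(tags_element(include, "ALL", exclude, "ANY"))
```

Under that assumption the filter combination in the sample request selects no web application, because every application carrying both included tags also carries the excluded tag 12017228.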


Sample - Launch a new scan with cancel option to DEFAULT 


Launch a new vulnerability scan on web app ID 2376280 and 4114251 and set 
the cancel scan option to DEFAULT. This forces the use of the target web 
app’s cancelScans option if set. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WasScan> 
<name><![CDATA[sample Scan]]></name>
<type>VULNERABILITY</type> 
<target> 
<webApps> 
<set> 
<WebApp> 
<id>2376280</id> 
</WebApp> 
<WebApp> 
<id>4114251</id> 
</WebApp> 
</set> 
</webApps> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
<cancelOption>DEFAULT</cancelOption> 
</target> 
<profile> 
<id>2231014</id> 
</profile> 
</WasScan> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WasScan> 
<id>1275177</id> 
</WasScan> 
</data> 
</ServiceResponse> 


Sample - Launch a new multi-scan 


Let us launch a multi-scan that sends one email on completion of the
multi-scan (not one for each individual scan in the group).


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WasScan> 
<name><![CDATA[New Scan]]></name>
<type>VULNERABILITY</type> 
<target> 
<webApps> 
<set> 
<WebApp><id>8389207</id></WebApp> 
<WebApp><id>8389244</id></WebApp> 
</set> 
</webApps> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
</target> 
<profile> 
<id>2337683</id> 
</profile> 
<sendOneMail>true</sendOneMail> 
</WasScan> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">


<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 

<WasScan> 

<id>3456140</id> 

</WasScan> 

</data> 
</ServiceResponse> 


XSD 
<platform API server>/qps/xsd/3.0/was/wasscan.xsd 


Scan Again 
/qps/rest/3.0/scanagain/was/scan/<id>


[POST] 


We now provide the option to execute a previous scan again. Identify the
scan you want to run again and use the scanagain action. We'll do our best to
pre-fill the scan settings to match the original scan.


Permissions required - User must have WAS module enabled. User account 
must have these permissions: "API Access" and “Access WAS module”. The 
web application must be in the user's scope. 


Input Parameters 


The element “id” (integer) is required, where “id” identifies the scan to be 
executed again. You could optionally provide a new name for the scan as well. 


Click here for available operators 
Sample - Scan with Scanagain option 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/scanagain/was/wasscan/4626354" < file.xml


Request POST data 


<ServiceRequest> 
<data> 
<WasScan> 
<name>Sample Scan Name for Rescan</name> 
</WasScan> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data> 
<WasScan> 
<id>4626354</id> 
</WasScan> 
</data> 
</ServiceResponse> 


Retrieve Scan Status 
/qps/rest/3.0/status/was/wasscan/<id>


[GET] 


Retrieve the status of a scan on a web application which is in the user’s scope.


Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access”. The output
includes scan targets in the user's scope.


Input Parameters 
The element “id” (integer) is required, where “id” identifies the scan. 


Click here for available operators 


Sample - View scan status along with authentication status 


View details for the scan with the ID 1902350. 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/status/was/wasscan/1902350"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">

<responseCode>SUCCESS</responseCode> 

<count>1</count> 

<data> 

<WasScan> 
<id>1902350</id> 


<status>FINISHED</status> 
<summary> 
<resultsStatus>NO_HOST_ALIVE</resultsStatus>
<authStatus>NONE</authStatus> 
</summary> 
</WasScan> 
</data> 
</ServiceResponse> 


XSD 
<platform API server>/qps/xsd/3.0/was/scan.xsd 


Retrieve Scan Results 
/qps/rest/3.0/download/was/wasscan/<id>
/qps/rest/2.0/download/was/wasscan/<id>


[GET]


Retrieve the results of a scan on a web application which is in the user’s
scope. Include “3.0” in the URL for WAS v3 scan results using the WAS API
schema, part of the API V3 architecture (see
https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd). Include “2.0” in
the URL for scan results in legacy format (WAS v2 and earlier), using the
webapp_scan.dtd - see Reference: WAS Scan Results (legacy).


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes scan targets in the user's scope. 


Tip: When you download web application scan results using the WAS API,
you'll want to view vulnerability descriptions from the Qualys KnowledgeBase
in order to understand the vulnerabilities detected and see our recommended
solutions. See How to Download Vulnerability Details.


Input Parameters 
The element “id” (integer) is required, where “id” identifies the scan. 


Click here for available operators 


Sample - Download results of a scan 


Download the results of the scan with the ID 174726. 


API request 


curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/download/was/wasscan/174726"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<WasScan xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<id>174726</id>
<name><![CDATA[My Web Application Scan]]></name>
<reference>was/1328563860860.218807</reference>
<type>VULNERABILITY</type>
<mode>API</mode>
<target>
<webApp>
<id>952835</id>
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[https://example.com/]]></url>
</webApp>
<scannerAppliance>
<type>INTERNAL</type>
<friendlyName><![CDATA[is quays _tc321]]></friendlyName>
</scannerAppliance>
</target>
<profile>
<id>6714</id>
<name><![CDATA[Initial WAS Options]]></name>
</profile>
<options>
<count>10</count>
<list>
<WasScanOption>
<name>Detection Scope</name>
<value>COMPLETE</value>
</WasScanOption>
<WasScanOption>
<name>Maximum Crawling Links</name>
<value>300</value>
</WasScanOption>
<WasScanOption>
<name>Bruteforce Settings</name>
<value>MINIMAL</value>
</WasScanOption>
<WasScanOption>
<name>Option Profile Name</name>
<value>Initial WAS Options</value>
</WasScanOption>
<WasScanOption>
<name>Scanner Appliance Name</name>
<value><![CDATA[External (IP: 10.40.3.104, Scanner: 6.2.13-1, WAS: 2.13.5-1, Signatures: 2.2.52-2)]]></value>
</WasScanOption>
<WasScanOption>
<name>Ignore Binary Files</name>
<value><![CDATA[true]]></value>
</WasScanOption>
</list>
</options>
<launchedDate>2017-02-06T21:31:00Z</launchedDate>
<launchedBy>
<id>35842</id>
<username>username</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</launchedBy>
<status>FINISHED</status>
<endScanDate>2017-02-06T21:49:34Z</endScanDate>
<scanDuration>1114</scanDuration>
<summary>
<crawlDuration>16</crawlDuration>
<testDuration>138</testDuration>
<linksCollected>10</linksCollected>
<linksCrawled>1</linksCrawled>
<nbRequests>503</nbRequests>
<averageResponseTime>8.001554</averageResponseTime>
<resultsStatus>SUCCESSFUL</resultsStatus>
<authStatus>NONE</authStatus>
</summary>
<stats>
<global>
<nbVulnsTotal>79</nbVulnsTotal>
<nbVulnsLevel5>24</nbVulnsLevel5>
<nbVulnsLevel4>0</nbVulnsLevel4>
<nbVulnsLevel3>3</nbVulnsLevel3>
<nbVulnsLevel2>18</nbVulnsLevel2>
<nbVulnsLevel1>34</nbVulnsLevel1>
<nbScsTotal>0</nbScsTotal>
<nbScsLevel5>0</nbScsLevel5>
<nbScsLevel4>0</nbScsLevel4>
<nbScsLevel3>0</nbScsLevel3>
<nbScsLevel2>0</nbScsLevel2>
<nbScsLevel1>0</nbScsLevel1>
<nbIgsTotal>10</nbIgsTotal>
<nbIgsLevel5>0</nbIgsLevel5>
<nbIgsLevel4>0</nbIgsLevel4>
<nbIgsLevel3>0</nbIgsLevel3>
<nbIgsLevel2>0</nbIgsLevel2>
<nbIgsLevel1>10</nbIgsLevel1>
</global>
<byGroup>
<count>3</count>
<list>
<GroupStat>
<group>PATH</group>
<nbTotal>18</nbTotal>
<nbLevel5>0</nbLevel5>
<nbLevel4>0</nbLevel4>
<nbLevel3>0</nbLevel3>
<nbLevel2>18</nbLevel2>
<nbLevel1>0</nbLevel1>
</GroupStat>
</list>
</byGroup>
<byOwasp>
<count>4</count>
<list>
<OwaspStat>
<owasp>OWASP-A4</owasp>
<nbTotal>18</nbTotal>
<nbLevel5>0</nbLevel5>
<nbLevel4>0</nbLevel4>
<nbLevel3>0</nbLevel3>
<nbLevel2>18</nbLevel2>
<nbLevel1>0</nbLevel1>
</OwaspStat>
</list>
</byOwasp>
<byWasc>
<count>5</count>
<list>
<WascStat>
<wasc>WASC-15</wasc>
<nbTotal>14</nbTotal>
<nbLevel5>0</nbLevel5>
<nbLevel4>0</nbLevel4>
<nbLevel3>2</nbLevel3>
<nbLevel2>12</nbLevel2>
<nbLevel1>0</nbLevel1>
</WascStat>
</list>
</byWasc>
</stats>
<vulns>
<count>79</count>
<list>
<WasScanVuln>
<qid>150081</qid>
<title><![CDATA[Possible Clickjacking vulnerability]]></title>
<uri><![CDATA[https://example.com/randomLink/1328558353.9231]]></uri>
<instances>
<count>1</count>
<list>
<WasScanVulnInstance>
<authenticated>false</authenticated>
<payloads>
<count>1</count>
<list>
<WasScanVulnPayload>
<payload><![CDATA["'><qss%20a=@REQUESTID@>]]></payload>
<result base64="true"> 
<! [CDATA[ c3RhcnQoKTogVGh1IHN1c3Npb24gaWQgY29udGF pbnMgaW5 2YWxpZCBjaGFyY 
WN@ZXIZLCB2YWxpZCBjaGF yYWNOZXJ ZIGFyZSBvbmx5IGEteiwgQSlaIGFuZCAwLTkgaw4 
gJmx0021mZ3Q7L3Zhci93d3cvaHRtbC9pbmNsdwWRicy9jb25maWcucGhwImx@0y9iJmdeO 
yBvbiBsaW51ICZsdDtiJmd@0zImbHQ7L21mZ3Q7Imx002I yIC8mZ3Q7CiZsdDticiAvImd 
80wombHQ7YiZndDtXYXJuaW5nJmx80y9iJmd80zZogIHNICc3Npb25fc3RhcnQoKTogQ2Fub 
m9OTHN1bmQgc2Vzc21vbiBjYWNoZSBsaW1ipdGVyIC@gaGVhZGVycyBhbHI 1LYWRSIHN1bnQ 
gKG91dHB1dCBzdGF ydGVkIGF@IC92YXIvd3d3L2h@bWwvaW5 jbHVkZXMvY29uZmlnLnBoc 
DoyKSBpbiAmbHQ7YiZndDsvdmF yL3d3dy90dG1sL21uY2x1ZGVZL2NvbmZpZy5waHAmbHQ 
7L2ImZ3Q7IG9uIGxpbmUgJmx002ImZ3Q7MiZsdDsvYiZndDsmbHQ7YnIgLyZndDsKJmx00 
2JyIC8mZ307CiZsdDtiJmd801dhcm5pbmcmbHQ7L2ImZ3070iAgQ2Fubm908IG1VvZGlmeSB 
OZWFkZXIgaW5mb3JtYXRpb24gLSBoZWFkZXJzIGFscm/hZHkgc2VudCBieSAob3VOcHVOI 
HNO@YXIOZWOgYXQgL3Zhci93d3cvaHRtbC8 | |></result> 
</WasScanVulnPayload>
</list>
</payloads>
</WasScanVulnInstance>
</list>
</instances>
</WasScanVuln>
</list>
</vulns>
<sensitiveContents>
<count>0</count>
</sensitiveContents>
<igs>
<count>10</count>
<list>
<WasScanIg>
<qid>150058</qid>
<title><![CDATA[Flash Analysis]]></title>
<data base64="true"><![CDATA
[U1dGIGZpbGU6IGhOdHA6L y8xMC4xMC4yNi4yMzg60DAvYm9xL 2F jY3QvcGVyc29uYWwvd 
21ludGVyMi5zd2YKICAgICBWZXJ zaw9u0iA4CgpTVOYgZm1sZTogaHR@cDovLzEwLjEwLjI 
2Lj1Iz0C9ib3EvcHI vdGVjdGVkL21pbWUvZGVmYXVsdFBhZ2Uuc 3dmCiAgICAgVmVyc21vb 
jogNgoK] |></data> 
</WasScanIg>
</list>
</igs>
</WasScan>
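
The <result base64="true"> elements in this response carry content returned by the scanned application, so a consumer has to decode it and treat it as untrusted text. The following is an added example, not Qualys code, that flattens a results document into one row per payload, HTML-escapes the decoded result for use in a report, and cross-checks the declared vulnerability counts to catch a truncated download. The sample document and RAW_BODY are constructed, and all function and key names are assumptions.

```python
import base64
import binascii
import html
import xml.etree.ElementTree as ET

# Constructed response body standing in for the decoded <result> content.
RAW_BODY = "<b>Warning</b>: headers already sent in /var/www/html/index.php"
B64_BODY = base64.b64encode(RAW_BODY.encode("utf-8")).decode("ascii")

# Constructed sample: the download response above cut down to one finding.
SAMPLE = f"""<WasScan>
  <id>174726</id>
  <status>FINISHED</status>
  <stats><global>
    <nbVulnsTotal>79</nbVulnsTotal>
    <nbVulnsLevel5>24</nbVulnsLevel5><nbVulnsLevel4>0</nbVulnsLevel4>
    <nbVulnsLevel3>3</nbVulnsLevel3><nbVulnsLevel2>18</nbVulnsLevel2>
    <nbVulnsLevel1>34</nbVulnsLevel1>
  </global></stats>
  <vulns><count>79</count><list>
    <WasScanVuln>
      <qid>150081</qid>
      <title><![CDATA[Possible Clickjacking vulnerability]]></title>
      <uri><![CDATA[https://example.com/randomLink/1328558353.9231]]></uri>
      <instances><count>1</count><list>
        <WasScanVulnInstance>
          <authenticated>false</authenticated>
          <payloads><count>1</count><list>
            <WasScanVulnPayload>
              <payload><![CDATA["'><qss%20a=@REQUESTID@>]]></payload>
              <result base64="true"><![CDATA[{B64_BODY}]]></result>
            </WasScanVulnPayload>
          </list></payloads>
        </WasScanVulnInstance>
      </list></instances>
    </WasScanVuln>
  </list></vulns>
</WasScan>"""


def decode_result(elem):
    """Return the text of a <result> element, base64-decoding it when flagged."""
    if elem is None or not elem.text:
        return ""
    text = elem.text.strip()
    if elem.get("base64") != "true":
        return text
    try:
        # Drop line wrapping, then reject anything that is not strict base64.
        raw = base64.b64decode("".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        return "[undecodable base64]"
    return raw.decode("utf-8", errors="replace")


def extract_findings(xml_text):
    """Flatten vulns/list into one dict per payload."""
    root = ET.fromstring(xml_text)
    rows = []
    for vuln in root.findall("vulns/list/WasScanVuln"):
        base = {"qid": vuln.findtext("qid", "").strip(),
                "title": vuln.findtext("title", "").strip(),
                "uri": vuln.findtext("uri", "").strip()}
        for inst in vuln.findall("instances/list/WasScanVulnInstance"):
            authed = inst.findtext("authenticated", "").strip() == "true"
            for item in inst.findall("payloads/list/WasScanVulnPayload"):
                result = decode_result(item.find("result"))
                rows.append({**base,
                             "authenticated": authed,
                             "payload": item.findtext("payload", "").strip(),
                             "result": result,
                             # Target-controlled markup: escape before rendering.
                             "result_html": html.escape(result)})
    return rows


def check_totals(xml_text):
    """Return a list of inconsistencies between the declared vulnerability counts."""
    root = ET.fromstring(xml_text)
    stats = root.find("stats/global")
    if stats is None:
        return ["stats/global missing"]
    total = int(stats.findtext("nbVulnsTotal", "0"))
    by_level = sum(int(stats.findtext(f"nbVulnsLevel{n}", "0")) for n in range(1, 6))
    listed = int(root.findtext("vulns/count", "0"))
    problems = []
    if by_level != total:
        problems.append(f"severity levels sum to {by_level}, nbVulnsTotal is {total}")
    if listed != total:
        problems.append(f"vulns/count is {listed}, nbVulnsTotal is {total}")
    return problems


if __name__ == "__main__":
    for row in extract_findings(SAMPLE):
        print(row["qid"], row["title"], row["result_html"])
    print(check_totals(SAMPLE) or "counts consistent")
```
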


Sample - Download results of a scan with SSL/TLS details 


API request 


curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/download/was/wasscan/1302"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<WasScan xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<id>3217161</id>
<name>
<![CDATA[[[SSL-Certs]] 2020-01-30 6:20:49PM]]>
</name>
<reference>was/1580388655076.626241</reference>
<type>VULNERABILITY</type>
<mode>ONDEMAND</mode>
<progressiveScanning>DISABLED</progressiveScanning>
<multi>false</multi>
<target>
<webApp>
<id>3016632</id>
<name>
<![CDATA[SSL-Certs]]>
</name>
<url>
<![CDATA[https://10.115.78.72/welcome.html]]>
</url>
</webApp>
<scannerAppliance>
<type>INTERNAL</type>
<friendlyName>
<![CDATA[WAS_Scanner_vp1]]>
</friendlyName>
</scannerAppliance>
<cancelOption>SPECIFIC</cancelOption>
</target>
<profile>
<id>893488</id>
<name>
<![CDATA[ss1]]>
</name>
</profile>
<options>
<count>16</count>
<list>
<WasScanOption>
<name>Web Application Authentication Record Name</name>
<value>
<![CDATA[None]]>
</value>
</WasScanOption>
<list>
<WasScanIg>
<qid>38704</qid>
<title>
<![CDATA[SSL/TLS Key Exchange Methods]]>
</title>
<sslData>
<sslDataInfoList>
<list>
<SSLDataInfo>
<sslDataKexList>
<list>
<SSLDataKex>
<protocol>TLSv1</protocol>
<kex>ECDHE</kex>
<group>x25519</group>
<keysize>256</keysize>
<fwdsec>yes</fwdsec>
<classical>128</classical>
<quantum>low</quantum>
</SSLDataKex>
<WasScanIg>
<qid>38706</qid>
<title>
<![CDATA[SSL/TLS Protocol Properties]]>
</title>
<sslData>
<sslDataInfoList>
<list>
<SSLDataInfo>
<sslDataPropList>
<list>
<SSLDataProp>
<name>Extended Master Secret</name>
<value>yes</value>
<protocol>TLSv1</protocol>
</SSLDataProp>
<SSLDataProp>
<name>Encrypt Then MAC</name>
<value>yes</value>
<protocol>TLSv1</protocol>
</SSLDataProp>
<WasScanIg>
<qid>6</qid>
<title>
<![CDATA[DNS Host Name]]>
</title>
<sslData>
<sslDataInfoList>
<list>
<SSLDataInfo>
<certificateFingerprint>291126AC8ED272F71EDF06E5B76BBECD1C811769D4FE988DE95FF848AFEBCF6A</certificateFingerprint>
</SSLDataInfo>
</list>
</sslDataInfoList>
<WasScanIg>
<qid>38291</qid>
<title>
<![CDATA[SSL Session Caching Information]]>
</title>
<WasScanIg>
<qid>45017</qid>
<title>
<![CDATA[Operating System Detected]]>
</title>
<sslData>
<protocol>tcp</protocol>
<ip>10.115.78.72</ip>
<port>0</port>
<result>
<![CDATA[Ubuntu_/_Fedora_/_Tiny_Core_Linux_/_Linux_3.x TCP/IP_Fingerprint U5933:443]]>
</result>
</sslData>
<WasScanIg>
<qid>38116</qid>
<title>
<![CDATA[SSL Server Information Retrieval]]>
</title>
<sslData>
<sslDataInfoList>
<list>
<SSLDataInfo>
<sslDataCipherList>
<list>
<SSLDataCipher>
<protocol>TLSv1</protocol>
<name>ECDHE-RSA-AES128-SHA</name>
<keyExchange>ECDH</keyExchange>
<auth>RSA</auth>
<mac>SHA1</mac>
<encryption>AES(128)</encryption>
<grade>MEDIUM</grade>
</SSLDataCipher>
</igs>
<sendMail>true</sendMail>
<enableWAFAuth>false</enableWAFAuth>
</WasScan>


XSD 
<platform API server>/qps/xsd/3.0/was/wasscan.xsd 


Cancel Scan 
/qps/rest/3.0/cancel/was/wasscan/<id> 


[POST] 


Cancel an unfinished scan on a web application which is in the user’s scope. 


Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access” and “Cancel
WAS Scan”.


Input Parameters 
The element “id” (integer) is required, where “id” identifies the scan. 


Click here for available operators 


Sample - Cancel unfinished scan 


Cancel the unfinished scan that has the ID 168. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/cancel/was/wasscan/168"


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WasScan>
<id>168</id>
</WasScan>
</data>
</ServiceResponse>


Sample - Cancel unfinished scan with scan results 


Use parameter <cancelWithResults> to cancel the scan and still retain results. 
You can use the scan ID and generate a report to view the results. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/cancel/was/wasscan/6620298"


Request POST data 


<ServiceRequest> 
<data> 
<WasScan> 
<cancelWithResults>true</cancelWithResults> 
</WasScan> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode> 
<data> 
<WasScan> 
<id>6620298</id> 
</WasScan> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/wasscan.xsd 


Delete Scan 

/qps/rest/3.0/delete/was/wasscan/<id>
/qps/rest/3.0/delete/was/wasscan/<filters>

[POST] 

Delete an existing scan on a web application which is in the user’s scope. You 
can delete any scan in your account that is not running. 

Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and "Delete 
WAS scan" permission. The scan to be deleted must be within the user’s 
scope. 

Input Parameters 

These elements are optional and act as filters. When multiple elements are
specified, parameters are combined using a logical AND. Click here for
descriptions of <WebApp> elements


Click here for available operators


Parameter Description

id (integer) The scan ID.

name (text) The scan name.

webApp.name (text) The name of the web application being scanned.

webApp.id (integer) The ID of the web application being scanned.

reference (text) Scan Reference ID.

launchedDate (date) The date and time when the scan was launched in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).

type (keyword) The scan type: VULNERABILITY or DISCOVERY.

mode (keyword) The mode of the scan: ONDEMAND, SCHEDULED or API.

status (keyword) The status of the scan: SUBMITTED, RUNNING, FINISHED, ERROR, CANCELED, PROCESSING.

authStatus (keyword) Indicates the status of the authentication record: NONE, NOT_USED, SUCCESSFUL, FAILED or PARTIAL.

resultsStatus (keyword) The status of the scan: NOT_USED, TO_BE_PROCESSED, NO_HOST_ALIVE, NO_WEB_SERVICE, SERVICE_ERROR, TIME_LIMIT_REACHED, SCAN_INTERNAL_ERROR, SCAN_RESULTS_INVALID, SUCCESSFUL, PROCESSING, TIME_LIMIT_EXCEEDED, SCAN_NOT_LAUNCHED, SCANNER_NOT_AVAILABLE, SUBMITTED, RUNNING, FINISHED, CANCELED, CANCELING, ERROR, DELETED, CANCELED_WITH_RESULTS.


Sample - Delete a specified scan 


Let us delete the scan with the ID 12405. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/wasscan/12405"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WasScan>
<id>12405</id>
</WasScan>
</data>
</ServiceResponse>


Sample - Delete scans with criteria 


Let us delete scans with a name that contains the string “VULN”. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/wasscan" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">VULN</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
<responseCode>SUCCESS</responseCode> 
<count>2</count> 
<data> 
<WasScan> 
<id>12874</id> 
</WasScan> 
<WasScan> 
<id>13093</id> 
</WasScan> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/wasscan.xsd 
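
A filtered delete removes every scan the criteria match, so the request body is worth building programmatically rather than by string concatenation. The following is an added example, not Qualys code, that builds the <ServiceRequest> filter body with an XML library (so values are escaped) and validates each criterion against the Delete Scan parameter table above. The function names, the refusal of an empty filter list and the two-operator allowlist (only the operators used in this section's samples) are assumptions.

```python
from datetime import datetime
import xml.etree.ElementTree as ET

# Filter fields and their types, copied from the Delete Scan parameter table.
FIELD_TYPES = {
    "id": "integer", "name": "text", "webApp.name": "text",
    "webApp.id": "integer", "reference": "text", "launchedDate": "date",
    "type": "keyword", "mode": "keyword", "status": "keyword",
    "authStatus": "keyword", "resultsStatus": "keyword",
}
# Keyword values listed in the same table (resultsStatus is left unchecked here).
KEYWORDS = {
    "type": {"VULNERABILITY", "DISCOVERY"},
    "mode": {"ONDEMAND", "SCHEDULED", "API"},
    "status": {"SUBMITTED", "RUNNING", "FINISHED", "ERROR", "CANCELED", "PROCESSING"},
    "authStatus": {"NONE", "NOT_USED", "SUCCESSFUL", "FAILED", "PARTIAL"},
}
# Assumption: allow only the value-taking operators seen in this section's samples.
OPERATORS = {"EQUALS", "CONTAINS"}


def check_value(field, value):
    """Raise ValueError when value does not fit the documented type of field."""
    kind = FIELD_TYPES[field]
    if kind == "integer":
        if not (value.isascii() and value.isdigit()):
            raise ValueError(f"{field} must be an integer, got {value!r}")
    elif kind == "date":
        # Documented format: YYYY-MM-DDTHH:MM:SSZ (strptime raises ValueError).
        datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    elif kind == "keyword" and field in KEYWORDS and value not in KEYWORDS[field]:
        raise ValueError(f"{value!r} is not a documented value for {field}")


def build_filter(criteria):
    """Return a <ServiceRequest> body for a list of (field, operator, value)."""
    if not criteria:
        raise ValueError("refusing to build a bulk request with no criteria")
    root = ET.Element("ServiceRequest")
    filters = ET.SubElement(root, "filters")
    for field, operator, value in criteria:
        if field not in FIELD_TYPES:
            raise ValueError(f"unknown filter field {field!r}")
        if operator not in OPERATORS:
            raise ValueError(f"operator {operator!r} is not allowed")
        value = str(value)
        check_value(field, value)
        node = ET.SubElement(filters, "Criteria",
                             {"field": field, "operator": operator})
        node.text = value  # escaped on serialisation, never concatenated
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # The "Delete scans with criteria" request body from the sample above.
    print(build_filter([("name", "CONTAINS", "VULN")]))
    # Several criteria are combined by the service with a logical AND.
    print(build_filter([("status", "EQUALS", "FINISHED"),
                        ("launchedDate", "EQUALS", "2017-02-06T21:31:00Z")]))
```
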


WasScan Reference 


The <WasScan> element includes sub elements used to define a web 
application scan. A reference of these elements is provided below. An asterisk 
* indicates a complex element. 


Parameter Description


id
(integer) The scan ID. This element is assigned by the service and
is required for a certain type of request (details, status, results or
cancel).


name
(text) The user-defined scan name (maximum 256 characters).


target* (for single web application)
(text) The target of the scan. The target includes the web
application and authentication records, if any.

<scannerAppliance> - type (keyword) is set to INTERNAL for a
scanner appliance, or EXTERNAL for external scanners or
scannerTags for assigning multiple scanner appliances grouped by
asset tag. If the type is INTERNAL, friendlyName (text) is the
user-defined appliance name.

<webAppAuthRecord> - Specify <id> set to an auth record ID, or
<isDefault> set to true (to use the default auth record for the
target web app).

Example: target.webApp is required
<target>
<webApp>
<id>323126</id>
</webApp>
<webAppAuthRecord>
<id>1054</id>
</webAppAuthRecord>
<scannerAppliance>
<type>Internal</type>
<friendlyName>dp_scanner</friendlyName>
</scannerAppliance>
<cancelOption>DEFAULT</cancelOption>
</target>


target* (for multiple web application)
<cancelOption> set to DEFAULT - Forces the use of the target web
app’s cancelScans option if set, else fall back to the one passed in
to the API while launching the scan.

<cancelOption> set to SPECIFIC - Always use the cancel scan
option passed while launching the scan.

<target.authRecordOption> set to SPECIFIC - Always use the
authRecord passed while launching the scan.

<target.authRecordOption> set to DEFAULT - Forces the use of the
authRecord, if set, else fall back to the one passed in to the API
while launching the scan.

<target.profileOption> set to SPECIFIC - Always use the
optionProfile passed while launching the scan.

<target.profileOption> set to DEFAULT - Forces the use of the
optionProfile if set, else fall back to the one passed in to the API
while launching the scan.

<target.scannerOption> set to SPECIFIC - Always use the scanner
passed while launching the scan.

<target.scannerOption> set to DEFAULT - Forces the use of the
scanner if set, else fall back to the one passed in to the API while
launching the scan.

<target.randomizeScan> (Boolean) - Set to true to scan the
selected web applications in random order. Set to false to scan the
selected web application in sequential order.

target.tags (For MultiScan)--
---target.tags.included.option(ALL/ANY) is required,
---target.tags.included.tagList is required, only <set> is allowed for
target.tags.included.tagList.
---target.tags.included.tagList.set.Tag.id is required and should be
valid
---Only target.tags.exclusive is not allowed, it must be with
target.tags.inclusive
---If target.tags.excluded is present, all the above rules are
applicable to it

Example: Either target.webApps or target.tags is required and
these are mutually exclusive.

target.webApps (For MultiScan)-
Only <set> is allowed for target.webApps
<webApps>
<set>
<WebApp>
<id>4330527</id>
</WebApp>
<WebApp>
<id>4330327</id>
</WebApp>
</set>
</webApps>
target.tags (For MultiScan)-
<tags>
<included>
<option>ALL</option>
<tagList>
<set>
<Tag><id>12017424</id></Tag>
<Tag><id>12017228</id></Tag>
</set>
</tagList>
</included>
<excluded>
<option>ANY</option>
<tagList>
<set>
<Tag><id>12017228</id></Tag>
</set>
</tagList>
</excluded>
</tags>


type
(keyword) The scan type: VULNERABILITY or DISCOVERY.


sendMail
(boolean) Set to false to disable scan complete email notifications.

Example: <sendMail>false</sendMail>


sendOneMail
(boolean) Set to false to disable scan complete email notifications.

Example: <sendMail>false</sendMail>


profile.id
(integer) The name of the option profile that includes scan
settings. The service provides the profile “Initial WAS Options” and
we recommend this to get started.

Example:
<profile>
<name>Initial WAS Options</name>
</profile>


proxy.id
(integer) The name of the option profile that includes scan
settings. The service provides the profile “Initial WAS Options” and
we recommend this to get started.

Example:
<profile>
<name>Initial WAS Options</name>
</profile>


dnsOverride.id
(integer) The DNS override record for scanning the target web
application.

Example:
<dnsOverride>
<id>67890</id>
</dnsOverride>


Scanner Appliance
(integer) The IP address of the external scanner appliance, when an
external scanner is used.


mode
(keyword) The mode of the scan: ONDEMAND, SCHEDULED or
API.


launchedDate
(date) The date and time when the scan was launched in UTC
date/time format (YYYY-MM-DDTHH:MM:SSZ).


launchedBy*
The user who launched the scan. User properties include user ID,
user login, first and last name.

Example:
<launchedBy>
<id>123056</id>
<username>username</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</launchedBy>


status
(keyword) The status of the scan: SUBMITTED, RUNNING,
FINISHED, ERROR, CANCELED, PROCESSING.


endScanDate
(date) The date and time when the scan ended in UTC date/time
format (YYYY-MM-DDTHH:MM:SSZ).


summary
The scan summary. <crawlTime> is the length of time used to crawl
the web application. <testDuration> is the length of time used to
perform analysis. <nbRequests> is the number of requests sent
during the scan. <authStatus> is the authentication status (NONE,
NOT_USED, SUCCESSFUL, FAILED or PARTIAL).

Example:
<summary>
<crawlTime>22.0</crawlTime>
<testDuration>112.0</testDuration>
<linksCrawled>17</linksCrawled>
<nbRequests>3814</nbRequests>
<os>Windows XP SP2</os>
<resultsStatus>RESULTS_PROCESSED_SUCCESSFULLY</resultsStatus>
<authStatus>NO_AUTH</authStatus>
</summary>


vulns
The list of detected vulnerabilities. Each <WasScanVuln> element
identifies a particular vulnerability QID and the URI where
detected, each <WasScanVulninstance> element identifies a
vulnerability instance, and each <WasScanVulninstancePayload>
element identifies associated payloads.


igs
The detected information gathered. Each <WasScanIg> element
identifies a particular information gathered QID.


sensitiveContents
The detected sensitive content. Each <WasScanSensitiveContent>
element identifies a particular sensitive content QID and the URI
where detected, each <instances> element identifies a sensitive
content instance, and each
<WasScanSensitiveContentinstancePayLoad> element identifies
associated payloads.


stats
The statistics gathered by the scan: the total number of
vulnerabilities, the number of vulnerabilities by severity level,
information gathered by severity level and the number of
vulnerabilities by group, OWASP and WASC.


cancelWithResults
(boolean) A flag to indicate if the scan to be canceled should
retain partial scan results or not. The parameter is supported for
single scan, only child scan (but not parent scan).

We recommend that you use this parameter only after the scan has
been in Running status for 20 minutes.

Example:
<WasScan>
<cancelWithResults>true</cancelWithResults>
</WasScan>


WAS Scan Results Reference 


You have the option to retrieve web application scan results in legacy format
(WAS v2 and earlier), using the webapp_scan.dtd (see Retrieve the results of
a scan). You can download this DTD by going to
https://qualysapi.qualys.com/webapp_scan.dtd (where qualysapi is the API
server URL where your account is located).


WAS scan results DTD 


<?xml version="1.0" encoding="UTF-8" ?>
<!-- QUALYS WEB APPLICATION SCAN DTD -->
<!ELEMENT WEB_APPLICATION_SCAN (ERROR | (HEADER, SUMMARY, RESULTS))>
<!ELEMENT ERROR (#PCDATA)>
<!ATTLIST ERROR number CDATA #IMPLIED>

<!-- GENERIC HEADER -->
<!ELEMENT HEADER (NAME, GENERATION_DATETIME, COMPANY_INFO, USER_INFO)>
<!ELEMENT NAME (#PCDATA)>
<!ELEMENT GENERATION_DATETIME (#PCDATA)>
<!ELEMENT COMPANY_INFO (NAME, ADDRESS, CITY, STATE, COUNTRY, ZIP_CODE)>
<!ELEMENT ADDRESS (#PCDATA)>
<!ELEMENT CITY (#PCDATA)>
<!ELEMENT STATE (#PCDATA)>
<!ELEMENT COUNTRY (#PCDATA)>
<!ELEMENT ZIP_CODE (#PCDATA)>
<!ELEMENT USER_INFO (NAME, USERNAME, ROLE)>
<!ELEMENT USERNAME (#PCDATA)>
<!ELEMENT ROLE (#PCDATA)>

<!-- SUMMARY -->
<!ELEMENT SUMMARY (SCAN_SUMMARY, VULN_SUMMARY?, SENSITIVE_CONTENT_SUMMARY)>
<!ELEMENT SCAN_SUMMARY (SCAN_INFO*)>
<!ELEMENT SCAN_INFO (KEY, VALUE)>
<!ELEMENT KEY (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!ELEMENT VULN_SUMMARY (VULN_GROUP*)>
<!ELEMENT VULN_GROUP (TITLE, SEVERITY_5, SEVERITY_4, SEVERITY_3, SEVERITY_2, SEVERITY_1, TOTAL)>
<!ELEMENT SEVERITY_1 (#PCDATA)>
<!ELEMENT SEVERITY_2 (#PCDATA)>
<!ELEMENT SEVERITY_3 (#PCDATA)>
<!ELEMENT SEVERITY_4 (#PCDATA)>
<!ELEMENT SEVERITY_5 (#PCDATA)>
<!ELEMENT TOTAL (#PCDATA)>
<!ELEMENT SENSITIVE_CONTENT_SUMMARY (SENSITIVE_CONTENT_GROUP*)>
<!ELEMENT SENSITIVE_CONTENT_GROUP (TITLE, TOTAL)>

<!-- RESULTS -->
<!ELEMENT RESULTS (VULN_LIST?, SENSITIVE_CONTENT_LIST?, INFO_LIST?)>
<!ELEMENT VULN_LIST (VULN*)>
<!ELEMENT VULN (GROUP, QID, TITLE, VULN_INSTANCES)>
<!ELEMENT VULN_INSTANCES (VULN_INSTANCE*)>
<!ELEMENT VULN_INSTANCE (HOST, PORT, URI, AUTHENTICATED?, FORM_ENTRY_POINT?, PARAMS, FINDINGS)>
<!ELEMENT AUTHENTICATED (#PCDATA)>
<!ELEMENT FORM_ENTRY_POINT (#PCDATA)>
<!ELEMENT SENSITIVE_CONTENT_LIST (SENSITIVE_CONTENT*)>
<!ELEMENT SENSITIVE_CONTENT (GROUP, QID, TITLE, SENSITIVE_CONTENT_INSTANCES)>
<!ELEMENT SENSITIVE_CONTENT_INSTANCES (SENSITIVE_CONTENT_INSTANCE*)>
<!ELEMENT SENSITIVE_CONTENT_INSTANCE (HOST, PORT, URI, CONTENT?, FINDINGS)>
<!ELEMENT INFO_LIST (INFO*)>
<!ELEMENT INFO (QID, TITLE, RESULT)>
<!ELEMENT GROUP (#PCDATA)>
<!ELEMENT QID (#PCDATA)>
<!ELEMENT TITLE (#PCDATA)>
<!ELEMENT HOST (#PCDATA)>
<!ELEMENT PORT (#PCDATA)>
<!ELEMENT URI (#PCDATA)>
<!ELEMENT CONTENT (#PCDATA)>
<!ELEMENT PARAMS (#PCDATA)>
<!ELEMENT FINDINGS (FINDING*)>
<!ELEMENT FINDING (PAYLOAD?, RESULT)>
<!ELEMENT PAYLOAD (#PCDATA)>
<!ELEMENT RESULT (#PCDATA)>
<!ATTLIST RESULT base64 (true|false) "false">


Schedules 


Schedule Count 
/qps/rest/3.0/count/was/wasscanschedule


[GET] [POST] 


Returns the total number of schedules in the user’s account. Input elements 
are optional and are used to filter the number of schedules included in the 
count. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes scan targets in the user's scope. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. All dates must be 
entered in UTC date/time format. See Reference: WasScanSchedule for 
descriptions of these <WasScanSchedule> elements. 


Click here for available operators 


Parameter Description

id (integer) The schedule ID. This element is assigned by the service and is required for a certain type of request.

name (text) The user-defined schedule name (maximum 256 characters).

owner.id (integer) ID associated with the owner who created the schedule.

createdDate (date) The date when the schedule was created in WAS, in UTC date/time format.

updatedDate (date) The date when the schedule was created in WAS, in UTC date/time format.

type (keyword) The scheduled scan type: VULNERABILITY or DISCOVERY.

webApp.name (text) The name of the web application being scanned.

webApp.id (integer) The ID of the web application being scanned.

webApp.tags (with operator="NONE") Tags associated with the web application being scanned.

webApp.tags.id (integer) ID of the tag applied to the web application being scanned.

invalid (boolean) Indicates the schedule is invalid. The web application to which the schedule was applied is deleted and hence the schedule is invalid.

active (boolean) Indicates whether the schedule is active or not. True indicates active schedule.


Sample - Get count of schedules in user's account 


Return the number (count) of all schedules in the user’s scope. 


API request 


curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscanschedule"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">

<responseCode>SUCCESS</responseCode> 

<count>15</count> 
</ServiceResponse> 


Sample - Get count of schedules with a criteria 


Return the number (count) of schedules for discovery scan type. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscanschedule" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="type" operator="EQUALS" >DISCOVERY</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">

<responseCode>SUCCESS</responseCode> 

<count>3</count> 
</ServiceResponse> 


Sample - Get count of schedules for web applications without tags 


Return the number (count) of schedules for web applications that are not
tagged.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscanschedule" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="webApp.tags" operator="NONE"></Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">

<responseCode>SUCCESS</responseCode> 

<count>1</count> 
</ServiceResponse> 


Sample - Get count of schedules for web applications with tags 


Return the number (count) of schedules for web applications that are tagged.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/wasscanschedule" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="webApp.tags.id" operator="EQUALS">1516928</Criteria>
<Criteria field="webApp.tags.id" operator="EQUALS">1234567</Criteria>
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">

<responseCode>SUCCESS</responseCode> 

<count>1</count> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/wasscanschedule.xsd 


Search Schedule 
/qps/rest/3.0/search/was/wasscanschedule


[POST] 


Returns a list of scheduled scans on web applications which are in the user's 
scope. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes scan targets in the user's scope. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. All dates must be 
entered in UTC date/time format. See Reference: WasScanSchedule for 
descriptions of these <WasScanSchedule> elements. 


Click here for available operators 


Parameter Description

id (integer) The schedule ID. This element is assigned by the service and is required for a certain type of request.

name (text) The user-defined schedule name (maximum 256 characters).

owner.id (integer) ID associated with the owner who created the schedule.

createdDate (date) The date when the schedule was created in WAS, in UTC date/time format.

updatedDate (date) The date when the schedule was created in WAS, in UTC date/time format.

active (boolean) Indicates whether the schedule is active or not. True indicates active schedule.

type (keyword) The scheduled scan type: VULNERABILITY or DISCOVERY.

webApp.name (text) The name of the web application being scanned.

webApp.id (integer) The ID of the web application being scanned.

webApp.tags (with operator="NONE") Tags associated with the web application being scanned.

webApp.tags.id (integer) ID of the tag applied to the web application being scanned.

invalid (boolean) Indicates the schedule is invalid. The web application to which the schedule was applied is deleted and hence the schedule is invalid.

lastScan (with operation="NONE") (boolean) Indicates if the last scan was performed or not. True indicates that the last scan was performed.

lastScan.launchedDate (date) Date when the last scan was launched on the web application, in UTC date/time format.

lastScan.status (keyword) Scan status reported by last web application scan: SUBMITTED, RUNNING, FINISHED, TIME_LIMIT_EXCEEDED, SCAN_NOT_LAUNCHED, SCANNER_NOT_AVAILABLE, ERROR, CANCELED.

multi (boolean) Indicates if the scheduled scan is single scan or multiple scan.


Sample - List of schedules never launched 


Let us view a list of all schedules that are in the user’s scope but were not 
launched. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscanschedule" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="lastScan" operator="NONE"></Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<WasScanSchedule> 
<id>171425669</id> 
<name><![CDATA[Web Application Vulnerability Scan - 2017-Aug-19]]></name>
<owner> 
<id>8792415669</id> 
</owner> 
<active>false</active> 
<type>VULNERABILITY</type> 
<target> 
<webApp> 
<id>1296335669</id> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://10.10.1.100]]></url>
</webApp>
<webAppAuthRecord>
<id>175535669</id>
<name><![CDATA[AR1]]></name>
</webAppAuthRecord> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
</target> 
<profile> 
<id>716315669</id> 
<name><![CDATA[Copy of Initial WAS Options]]></name>
</profile>
<scheduling>
<startDate>2017-08-19T12:30:00Z</startDate>
<timeZone> 
<code>America/Dawson</code> 
<offset>-07:00</offset> 
</timeZone> 
<occurrenceType>ONCE</occurrenceType> 
</scheduling> 
<createdDate>2017-08-19T19:30:49Z</createdDate> 
<updatedDate>2017-08-19T19:30:50Z</updatedDate> 
</WasScanSchedule> 
</data> 
</ServiceResponse> 


Sample - List launched schedules 


Let us view a list of all schedules that are in the user’s scope and were 
launched. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscanschedule" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest>
<filters>
<Criteria field="lastScan.status" operator="IN">FINISHED, ERROR</Criteria>
<Criteria field="lastScan.launchedDate" operator="LESSER">2017-08-19</Criteria>
</filters>
</ServiceRequest> 


XML response 


</WasScanSchedule> 
<WasScanSchedule> 
<id>97354000</id> 
<name><![CDATA[Schedule Notification]]></name>
<owner> 
<id>334527</id> 
</owner> 
<active>false</active> 
<type>VULNERABILITY</type> 
<target> 
<webApp> 
<id>1061764000</id> 
<name><![CDATA[My Web App]]></name>
<url><![CDATA[http://10.10.26.238]]></url>
</webApp> 
<webAppAuthRecord> 
<id>8753</id> 
<name><![CDATA[Auth Record 1]]></name> 
</webAppAuthRecord> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
</target> 
<profile> 
<id>55784</id> 
<name><![CDATA[Initial WAS Options]]></name>
</profile> 
<scheduling> 
<startDate>2017-05-06T18:22:00Z</startDate> 
<timeZone> 
<code>America/Dawson</code> 
<offset>-07:00</offset> 
</timeZone> 
<occurrenceType>DAILY</occurrenceType> 
<occurrence>
<dailyOccurrence>
<everyNDays>1</everyNDays>
</dailyOccurrence>
</occurrence>
</scheduling>
<lastScan>
<id>14929668885</id>
<launchedDate>2017-05-12T01:22:02Z</launchedDate>
<status>FINISHED</status>
</lastScan>
<createdDate>2017-05-06T23:17:23Z</createdDate>
<updatedDate>2017-05-13T01:22:02Z</updatedDate>
</WasScanSchedule> 


Sample - List schedules no criteria 


Let us view a list of all schedules that are in the user’s scope and were 
launched. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscanschedule" < file.xml

Note: “file.xml” contains the request POST data. Specify an empty 
file, since no search criteria is being specified. 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<WasScanSchedule> 
<id>649146</id> 
<name>
<![CDATA[Web Application Vulnerability Scan - 2018-10-08]]>
</name>
<owner>
<id>412791</id>
</owner>
<active>true</active>
<multi>false</multi> 
<type>VULNERABILITY</type> 
<target> 
<webApp> 
<id>8077389</id> 
<name>
<![CDATA[SampleWebApp_1538665472012]]>
</name>
<url>
<![CDATA[http://funkytown.vuln.ga.example.com:80/cassium/xss/]]>
</url>
</webApp> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
<cancelOption>SPECIFIC</cancelOption> 
</target> 
<profile> 
<id>1162483</id> 
<name> 
<![CDATA[Option Profile]]>
</name>
</profile>
<scheduling>
<startDate>2018-10-08T16:41:00Z</startDate>
<timeZone>
<code>Asia/Colombo</code>
<offset>+05:30</offset>
</timeZone> 
<occurrenceType>ONCE</occurrenceType> 
</scheduling> 
<nextLaunchDate>2018-10-09T11:11:00Z</nextLaunchDate> 
<createdDate>2018-10-08T11:12:28Z</createdDate> 
<updatedDate>2018-10-08T11:12:29Z</updatedDate> 
</WasScanSchedule> 
</data> 
</ServiceResponse> 


Sample - List active schedules 


Let us view a list of all schedules that are in the user’s scope and were 
launched. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscanschedule" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="active" operator="EQUALS">true</Criteria> 
<Criteria field="type" operator="EQUALS">VULNERABILITY</Criteria>
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<WasScanSchedule> 
<id>649146</id> 
<name>
<![CDATA[Web Application Vulnerability Scan - 2018-10-08]]>
</name>
<owner> 
<id>412791</id> 
</owner> 
<active>true</active> 
<multi>false</multi> 
<type>VULNERABILITY</type> 
<target> 
<webApp> 
<id>8077389</id> 
<name>
<![CDATA[SampleWebApp_1538665472012]]>
</name>
<url>
<![CDATA[http://funkytown.vuln.ga.example.com:808/cassium/xss/]]>
</url>
</webApp> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
<cancelOption>SPECIFIC</cancelOption> 
</target> 
<profile> 
<id>1162483</id> 
<name> 
<![CDATA[Option Profile]]>
</name>
</profile>
<scheduling>
<startDate>2018-10-08T16:41:00Z</startDate>
<timeZone>
<code>Asia/Colombo</code>
<offset>+05:30</offset>
</timeZone> 
<occurrenceType>ONCE</occurrenceType> 
</scheduling> 
<nextLaunchDate>2018-10-09T11:11:00Z</nextLaunchDate> 
<createdDate>2018-10-08T11:12:28Z</createdDate> 
<updatedDate>2018-10-08T11:12:29Z</updatedDate> 
</WasScanSchedule> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/webappauthrecord.xsd 
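The search filters and response fields documented above can be driven from a script. The Python below is an added example, not Qualys code: it builds the ServiceRequest filter body, parses a ServiceResponse, and flags schedules that are inactive, never launched, or whose last scan did not finish. The function names and the embedded response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# lastScan.status keywords from the parameter table that mean "no usable result".
FAILED_STATUSES = {"TIME_LIMIT_EXCEEDED", "SCAN_NOT_LAUNCHED",
                   "SCANNER_NOT_AVAILABLE", "ERROR", "CANCELED"}

# Constructed sample response (IDs and names are made up for this example).
SAMPLE_RESPONSE = """<ServiceResponse>
<responseCode>SUCCESS</responseCode>
<count>4</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<WasScanSchedule><id>1001</id><name><![CDATA[Shop weekly]]></name>
<active>true</active><type>VULNERABILITY</type>
<target><webApp><id>501</id></webApp></target>
<lastScan><launchedDate>2017-05-12T01:22:02Z</launchedDate>
<status>FINISHED</status></lastScan></WasScanSchedule>
<WasScanSchedule><id>1002</id><name><![CDATA[Intranet once]]></name>
<active>true</active><type>VULNERABILITY</type>
<target><webApp><id>502</id></webApp></target></WasScanSchedule>
<WasScanSchedule><id>1003</id><name><![CDATA[Legacy portal]]></name>
<active>false</active><type>DISCOVERY</type>
<target><webApp><id>503</id></webApp></target></WasScanSchedule>
<WasScanSchedule><id>1004</id><name><![CDATA[API gateway]]></name>
<active>true</active><type>VULNERABILITY</type>
<target><webApp><id>504</id></webApp></target>
<lastScan><launchedDate>2017-05-13T01:22:02Z</launchedDate>
<status>ERROR</status></lastScan></WasScanSchedule>
</data>
</ServiceResponse>"""


def build_search_request(criteria):
    """Build the POST body from (field, operator, value) tuples.

    The service combines all Criteria with a logical AND. ElementTree escapes
    the values, so a name containing '<' or '&' cannot break the XML.
    """
    root = ET.Element("ServiceRequest")
    filters = ET.SubElement(root, "filters")
    for field, operator, value in criteria:
        crit = ET.SubElement(filters, "Criteria", field=field, operator=operator)
        crit.text = "" if value is None else str(value)
    return ET.tostring(root, encoding="unicode")


def parse_schedules(xml_text):
    """Return (schedules, has_more) from a search response; raise on failure."""
    root = ET.fromstring(xml_text)
    code = root.findtext("responseCode")
    if code != "SUCCESS":
        detail = root.findtext("responseErrorDetails/errorMessage")
        raise RuntimeError(f"{code}: {detail}" if detail else str(code))
    schedules = []
    for node in root.iterfind("data/WasScanSchedule"):
        schedules.append({
            "id": int(node.findtext("id")),
            "name": (node.findtext("name") or "").strip(),
            "active": node.findtext("active") == "true",
            "type": node.findtext("type"),
            "webapp_id": node.findtext("target/webApp/id"),
            # <lastScan> is absent when the schedule has never launched.
            "last_status": node.findtext("lastScan/status"),
            "last_launched": node.findtext("lastScan/launchedDate"),
        })
    # hasMoreRecords=true means the result set is truncated and must be paged.
    return schedules, root.findtext("hasMoreRecords") == "true"


def coverage_gaps(schedules):
    """Map schedule id to the reason its web application is not being scanned."""
    gaps = {}
    for s in schedules:
        if not s["active"]:
            gaps[s["id"]] = "inactive"
        elif s["last_status"] is None:
            gaps[s["id"]] = "never launched"
        elif s["last_status"] in FAILED_STATUSES:
            gaps[s["id"]] = "last scan " + s["last_status"]
    return gaps


if __name__ == "__main__":
    print(build_search_request([("lastScan", "NONE", None)]))
    found, more = parse_schedules(SAMPLE_RESPONSE)
    for sched_id, reason in coverage_gaps(found).items():
        print(sched_id, reason)
```

Send the output of build_search_request as the POST data in place of file.xml, and feed the response body to parse_schedules.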


Get Schedule Details 


/qps/rest/3.0/get/was/wasscanschedule/<id>


[GET] 


View details for a scheduled scan on a web application which is in the user’s 
scope. Want to find a schedule ID to use as input? See Search schedules. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes schedules in the user's scope. 


Input Parameters 
The element “id” (integer) is required, where “id” identifies a schedule. 




Sample - View schedule details 


Let us view details for schedule with ID 714595. 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscanschedule/714595"


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WasScanSchedule> 
<id>714393</id> 
<name>
<![CDATA[Web schedVulnerability Scan - 2017-06-30]]>
</name>
<owner>
<id>2473353</id>
<username>username</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</owner> 
<active>false</active> 
<multi>true</multi> 
<type>VULNERABILITY</type> 
<target> 
<tags> 
<included> 
<option>ALL</option> 
<tagList> 
<list> 
<Tag> 
<id>12075819</id> 
<name>
<![CDATA[New_tag]]>
</name>
</Tag>
<Tag>
<id>2685657</id>
<name>
<![CDATA[Business Units]]>
</name>
</Tag>
</list>
</tagList> 
</included> 
</tags> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
<cancelOption>DEFAULT</cancelOption> 
<authRecordOption>DEFAULT</authRecordOption> 
<profileOption>DEFAULT</profileOption> 
<scannerOption>DEFAULT</scannerOption> 
<randomizeScan>false</randomizeScan> 
<useDnsOverride>false</useDnsOverride> 
</target> 
<profile> 
<id>598333</id>
<name>
<![CDATA[Initial WAS Options]]>
</name>
</profile>
<scheduling>
<startDate>2017-06-30T11:26:00Z</startDate>
<timeZone>
<code>Asia/Colombo</code>
<offset>+05:30</offset>
</timeZone> 
<occurrenceType>ONCE</occurrenceType> 
</scheduling> 
<notification> 
<active>false</active> 
<reschedule>false</reschedule> 
<delay> 
<nb>1</nb> 
<scale>DAY</scale> 
</delay> 
<message> 
<![CDATA[A Qualys scan is scheduled to start soon. ]]> 
</message> 
</notification> 
<launchedCount>0</launchedCount>
<createdDate>2017-06-30T05:57:12Z</createdDate>
<createdBy>
<id>2473353</id>
<username>username</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</createdBy>
<updatedDate>2017-07-01T05:56:02Z</updatedDate>
<updatedBy>
<id>2473353</id>
<username>username</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</updatedBy> 
<sendMail>true</sendMail> 
<sendOneMail>true</sendOneMail> 
<enableWAFAuth>false</enableWAFAuth> 
</WasScanSchedule> 
</data> 
</ServiceResponse> 


Sample - View schedule details (progressive scan) 


The progressiveScanning element will be included in the call response, if 
Progressive Scanning is enabled for the subscription. 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/get/was/wasscanschedule/8183"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<WasScanSchedule>
<id>8183</id>
<name>
<![CDATA[WASUI-3772 #3]]>
</name>
<progressiveScanning>ENABLED</progressiveScanning>


XSD 
<platform API server>/qps/xsd/3.0/was/wasscanschedule.xsd 


Create a Schedule (single web application) 
/qps/rest/3.0/create/was/wasscanschedule


[POST] 


Create a scheduled scan on a web application which is in the user’s scope. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Create 
WAS Schedule” permission. The output includes schedules in the user's scope. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. See Reference: 
WasScanSchedule for descriptions of these <WasScanSchedule> elements.




Parameter Description

name (text) Name of the schedule.

target.webApp.id¹ (integer) The web applications to be scanned.

type (keyword) The scheduled scan type: VULNERABILITY or DISCOVERY.

profile.id² (integer) The name of the option profile that includes scan settings. The service provides the profile “Initial WAS Options” and we recommend this to get started.
Example:
<profile>
<name>Initial WAS Options</name>
</profile>

startDate (date) The date when the schedule starts in UTC date/time format.

timeZone (text) The timezone in which the scan is scheduled in UTC date/time format.

occurrenceType (keyword) The frequency of the scheduled scan: ONCE, DAILY, WEEKLY or MONTHLY.

notification (boolean) A flag indicating whether email notification is enabled for scheduled scan.

reschedule (boolean) Set this flag to reschedule the scan.

target.scannerAppliance.type (keyword) The type of scanner appliance used for the scan: EXTERNAL or INTERNAL or scannerTags.

target.scannerAppliance.friendlyName (text) Name of the scanner appliance used for the scan.

target.scannerTags.set.Tag.id (integer) The scanner associated with the tag (identified by the specified tag ID) is picked for the scan.

target.webAppAuthRecord.id or target.webAppAuthRecord.isDefault Decides the authentication record to be used for the scan.
target.webAppAuthRecord.id (integer): Specify the web application's authentication record ID to use the specific authentication record.
target.webAppAuthRecord.isDefault (boolean): Set to true to use the default web application's authentication record for the scan.

options (keyword: ANY, ALL) Decides which web applications should be excluded from the scan.
ALL: Only the web applications associated with all the specified tags are excluded from the scan.
ANY: Only the web applications associated with any of the specified tags are excluded from the scan.

proxy.id (integer) The proxy for scanning the target web application.
Example:
<proxy>
<id>12345</id>
</proxy>

dnsOverride.id (integer) The DNS override record for scanning the target web application.
Example:
<dnsOverride>
<id>67898</id>
</dnsOverride>

cancelOption (keyword: DEFAULT, SPECIFIC)
Set to DEFAULT - Forces the use of the target web app’s cancelScans option if set, else fall back to the one passed in to the API while launching the scan.
Set to SPECIFIC - Always use the cancel scan option passed while launching the scan.

sendMail (boolean) Set to false to disable scan complete email notifications.
Example: <sendMail>false</sendMail>

sendMailFromAddressOption Identifies the sender of the scan complete notifications. The valid values are: QUALYS_SUPPORT and OWNER. OWNER means the user whose account is used to create the schedule.
Example: <sendMailFromAddressOption>QUALYS_SUPPORT</sendMailFromAddressOption>
Example: <sendMailFromAddressOption>OWNER</sendMailFromAddressOption>
To set this parameter, the sendMail parameter must be set to true. If the sendMail parameter is true, then sendMailFromAddressOption is by default set to QUALYS_SUPPORT. You can change the value of the parameter to OWNER.

¹ The element target must have at least tags or web applications specified.

² The element profile (text) is required unless the target has a default option profile.


Sample - Create a new weekly schedule 


Let us create a new web application called “My Web Application” that has the 
starting URL “http://mywebapp.com”. The default web application settings 
are assigned automatically. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/wasscanschedule" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WasScanSchedule> 
<name><![CDATA[Create Schedule from API3 - using Reschedule]]></name>
<type>VULNERABILITY</type>
<active>false</active>
<scheduling> 
<cancelAfterNHours>8</cancelAfterNHours> 
<startDate>2017-09-06T09:50:11Z</startDate> 
<timeZone> 
<code>America/Vancouver</code> 
<offset>-07:00</offset>
</timeZone>
<occurrenceType>WEEKLY</occurrenceType>
<occurrence>
<weeklyOccurrence>
<everyNWeeks>2</everyNWeeks>
<occurrenceCount>20</occurrenceCount>
<onDays>
<WeekDay>SATURDAY</WeekDay>
<WeekDay>SUNDAY</WeekDay>
</onDays> 
</weeklyOccurrence> 
</occurrence> 
</scheduling> 
<notification> 
<active>true</active> 
<reschedule>true</reschedule> 
<delay> 
<nb>1</nb> 
<scale>DAY</scale> 
</delay> 
<message><![CDATA[A Qualys scan is scheduled to start soon.]]></message>
</notification> 
<target> 
<webApp> 
<id>1296335669</id> 
</webApp> 
<webAppAuthRecord> 
<id>175535669</id> 
</webAppAuthRecord> 
</target> 
<profile> 
<id>712265669</id> 
</profile> 
</WasScanSchedule> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WasScanSchedule> 
<id>203285669</id> 
<name><![CDATA[Create Schedule from API3 - using Reschedule]]></name>
<owner>
<id>8792415669</id>
<username>quays_cp</username>
<firstName><![CDATA[Customer_2.6_1]]></firstName>
<lastName><![CDATA[pocm]]></lastName>
</owner> 
<active>false</active> 
<type>VULNERABILITY</type> 
<target> 
<webApp> 
<id>1296335669</id> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://10.10.26.238]]></url>
</webApp>
<webAppAuthRecord>
<id>175535669</id>
<name><![CDATA[AR1]]></name>
</webAppAuthRecord> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
</target> 
<profile> 
<id>712265669</id> 
<name><![CDATA[Initial WAS Options]]></name>
</profile> 
<scheduling> 
<startDate>2017-09-06T09:50:00Z</startDate> 
<timeZone> 
<code>America/Vancouver</code> 
<offset>-07:00</offset> 
</timeZone> 
<occurrenceType>ONCE</occurrenceType>
<cancelAfterNHours>8</cancelAfterNHours>
</scheduling> 
<notification> 
<active>true</active> 
<reschedule>true</reschedule> 
<delay> 
<nb>1</nb> 
<scale>DAY</scale> 
</delay> 
<message><![CDATA[A Qualys scan is scheduled to start soon.]]></message>
</notification>
<launchedCount>0</launchedCount>
<createdDate>2017-08-27T22:30:59Z</createdDate>
<createdBy>
<id>8792415669</id>
<username>quays_cp</username>
<firstName><![CDATA[Customer_2.6_1]]></firstName>
<lastName><![CDATA[pocm]]></lastName>
</createdBy> 
<updatedDate>2017-88-27T22:31:88Z</updatedDate> 
<updatedBy> 
<id>8792415669</id> 
<username>user_john</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</updatedBy> 
<sendMail>true</sendMail> 
<sendOneMail>true</sendOneMail> 
</WasScanSchedule> 
</data> 
</ServiceResponse> 


Sample - Create a new schedule - cancel scan option 


Create a new vulnerability scan schedule on web app ID 2376281 and set the 
cancel scan option to SPECIFIC. Scans launched from this schedule will always 
use the cancel scan option passed with the schedule settings and will override 
the target web app’s cancel scan setting, if set. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/wasscanschedule" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WasScanSchedule> 
<name><![CDATA[My Scan Schedule]]></name> 
<type>VULNERABILITY</type> 
<scheduling> 
<cancelAfterNHours>7</cancelAfterNHours> 
<startDate>2017-09-30T13:11:00Z</startDate>
<timeZone> 
<code>America/Dawson</code> 
</timeZone> 
<occurrenceType>ONCE</occurrenceType> 
</scheduling> 
<target> 
<webApp> 
<id>2376281</id> 
</webApp> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
<cancelOption>SPECIFIC</cancelOption> 
</target> 
<profile> 
<id>332147</id> 
</profile> 
</WasScanSchedule> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WasScanSchedule> 
<id>325624</id>
<name><![CDATA[My Scan Schedule]]></name>
<owner>
<id>2086786</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner> 
<active>true</active> 
<type>VULNERABILITY</type> 
<target> 
<webApp> 
<id>2376281</id> 
<name><![CDATA[My Web App]]></name>
<url><![CDATA[http://10.10.26.238]]></url>
</webApp> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
<cancelOption>SPECIFIC</cancelOption> 
</target> 
<progressiveScanning>DEFAULT</progressiveScanning> 
<profile> 
<id>332147</id> 
<name><![CDATA[10 links]]></name>
</profile> 
<scheduling> 
<startDate>2017-09-30T13:11:00Z</startDate> 
<timeZone> 
<code>America/Dawson</code> 
<offset>-07:00</offset> 
</timeZone> 
<occurrenceType>ONCE</occurrenceType> 
<cancelAfterNHours>7</cancelAfterNHours> 
</scheduling> 
<notification> 
<active>false</active> 
</notification> 
<nextLaunchDate>2017-09-30T20:11:00Z</nextLaunchDate>
<launchedCount>0</launchedCount>
<createdDate>2017-06-26T20:54:30Z</createdDate>
<createdBy>
<id>2086786</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</createdBy>
<updatedDate>2017-06-26T20:54:30Z</updatedDate>
<updatedBy>
<id>2086786</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</updatedBy>
<sendMail>true</sendMail>
<sendOneMail>false</sendOneMail>

</WasScanSchedule> 
</data> 
</ServiceResponse> 


Sample - Create a new schedule - assign multiple scanners 


Let us schedule a discovery scan on the web application and assign the pool 
of scanners using the asset tag ID. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/wasscanschedule" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WasScanSchedule> 
<name><![CDATA[Scheduled Scan With Pool of Internal Scanners]]></name>
<type>VULNERABILITY</type> 
<active>false</active> 
<scheduling> 
<cancelAfterNHours>10</cancelAfterNHours> 
<startDate>2017-01-10T13:55:35Z</startDate>
<timeZone> 
<code>Europe/Istanbul</code> 
<offset>+02:00</offset> 
</timeZone> 
<occurrenceType>ONCE</occurrenceType> 
</scheduling> 
<notification>
<active>false</active>
</notification>
<target> 
<webApp><id>522066</id></webApp> 
<scannerTags> 
<set> 
<Tag> 
<1d>154153533 11147714 > 
</Tag> 
</set> 
</scannerTags> 
</target> 
<profile><id>53483</id></profile> 
</WasScanSchedule> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WasScanSchedule> 
<id>141147</id> 
<name>
<![CDATA[Scheduled Scan With Pool of Internal Scanners]]>
</name>
<owner>
<id>1056860</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner> 
<active>false</active> 
<multi>false</multi> 
<type>VULNERABILITY</type> 
<target> 
<webApp> 
<id>522065</id> 
<name><![CDATA[My Web Application]]></name>
<url><![CDATA[http://mywebapp.com]]></url>
</webApp>
<scannerTags>
<set>
<Tag> 
<id>8461819</id> 
</Tag> 
</set> 
</scannerTags> 
</target> 
<progressiveScanning>DEFAULT</progressiveScanning> 
<profile> 
<id>194283</id> 
<name>
<![CDATA[Initial WAS Options]]>
</name>
</profile> 
<scheduling> 
<startDate>2017-01-10T13:55:00Z</startDate> 
<timeZone> 
<code>Europe/Istanbul</code> 
<offset>+02:00</offset> 
</timeZone> 
<occurrenceType>ONCE</occurrenceType> 
<cancelAfterNHours>10</cancelAfterNHours> 
</scheduling> 
<notification> 
<active>false</active> 
<reschedule>false</reschedule> 
</notification> 
<launchedCount>0</launchedCount>
<createdDate>2017-01-12T11:54:07Z</createdDate>
<createdBy>
<id>1056860</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</createdBy>
<updatedDate>2017-01-12T11:54:09Z</updatedDate>
<updatedBy>
<id>1056860</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</updatedBy>
<sendMail>true</sendMail>
<sendOneMail>false</sendOneMail>
</WasScanSchedule>
</data> 
</ServiceResponse> 


Sample - Create or update schedule for progressive scanning 


The user will be able to set progressiveScanning to ENABLED, DISABLED or 
DEFAULT, if progressiveScanning is enabled for the subscription. If this option 
is not set for a new schedule, the value DEFAULT is used. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/wasscanschedule" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<WasScanSchedule> 
<name><![CDATA[Schedule with enabled progressiveScanning]]></name>
<type>VULNERABILITY</type> 
<active>false</active> 
<scheduling> 
<startDate>2019-01-30T12:40:27Z</startDate> 
<timeZone> 
<code>Asia/Kolkata</code> 
<offset>+05:30</offset> 
</timeZone> 
<occurrenceType>ONCE</occurrenceType> 
</scheduling> 
<notification> 
<active>true</active> 
<delay> 
<nb>1</nb> 
<scale>DAY</scale> 
</delay> 
<message><![CDATA[A scan is scheduled to start soon.]]></message>
</notification>
<target>
<webApps>
<set>
<WebApp><id>8389207</id></WebApp>
</set>
</webApps> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
</target> 
<progressiveScanning>ENABLED</progressiveScanning> 
<profile> 
<id>53483</id> 
</profile> 
</WasScanSchedule> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<WasScanSchedule> 
<id>8831789</id> 
<name> 
<![CDATA[Schedule with enabled progressiveScanning]]> 
</name> 
<owner> 
<id>1056860</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner> 
<active>false</active> 
<multi>false</multi> 
<type>VULNERABILITY</type> 
<target> 
<webApp>
<id>8389207</id>
<name>
<![CDATA[My Web Application]]>
</name>
<url>
<![CDATA[http://mywebapp.com]]>
</url>
</webApp> 
<scannerAppliance> 
<type>EXTERNAL</type> 
</scannerAppliance> 
</target> 
<progressiveScanning>ENABLED</progressiveScanning> 
<profile> 
<id>53483</id> 
<name> 
<![CDATA[Scan OP]]> 
</name> 
</profile> 
<scheduling> 
<startDate>2019-01-30T12:40:00Z</startDate> 
<timeZone> 
<code>Asia/Kolkata</code> 
<offset>+05:30</offset>
</timeZone> 
<occurrenceType>ONCE</occurrenceType> 
</scheduling> 
<notification> 
<active>true</active> 
<reschedule>false</reschedule> 
<delay> 
<nb>1</nb> 
<scale>DAY</scale> 
</delay> 
<message> 
<![CDATA[A scan is scheduled to start soon. ]]> 
</message> 
</notification> 
<launchedCount>0</launchedCount>
<createdDate>2019-02-26T07:17:22Z</createdDate>
<createdBy>
<id>1056860</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</createdBy>
<updatedDate>2019-02-26T07:17:22Z</updatedDate>
<updatedBy>
<id>1056860</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</updatedBy> 
<sendMail>true</sendMail> 
<sendOneMail>false</sendOneMail> 
<enableWAFAuth>false</enableWAFAuth> 
</WasScanSchedule> 
</data> 
</ServiceResponse> 


If Progressive Scanning is not enabled for the subscription, the 
progressiveScanning element cannot be provided, otherwise an error will be 
returned. 


XML response (error) 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
<responseCode>INVALID_REQUEST</responseCode> 
<responseErrorDetails> 
<errorMessage>Progressive scanning is not enabled in your 
subscription.</errorMessage> 
<errorResolution>Please check with your account manager to 
enable this option.</errorResolution> 
</responseErrorDetails> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/wasscanschedule.xsd 
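The constraints stated in the parameter table and its two footnotes can be checked before a create request is sent. The Python below is an added example, not Qualys code: it validates a parameter dictionary against those constraints and builds the request body for a one-time schedule on a single web application. The dictionary keys and function names are hypothetical, recurring schedules (which need the occurrence block from the weekly sample) are not built, and placing sendMailFromAddressOption as a direct child of WasScanSchedule, next to sendMail, is an assumption.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

SCAN_TYPES = {"VULNERABILITY", "DISCOVERY"}
OCCURRENCE_TYPES = {"ONCE", "DAILY", "WEEKLY", "MONTHLY"}
CANCEL_OPTIONS = {"DEFAULT", "SPECIFIC"}
MAIL_SENDERS = {"QUALYS_SUPPORT", "OWNER"}


def validate_schedule(p, target_has_default_profile=False):
    """Return the list of documented constraints that the dict p violates."""
    problems = []
    for key in ("name", "timeZoneCode"):  # present in every request sample
        if not p.get(key):
            problems.append(key + " is missing")
    if p.get("type") not in SCAN_TYPES:
        problems.append("type must be VULNERABILITY or DISCOVERY")
    if p.get("occurrenceType") not in OCCURRENCE_TYPES:
        problems.append("occurrenceType must be ONCE, DAILY, WEEKLY or MONTHLY")
    try:
        datetime.strptime(str(p.get("startDate")), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        problems.append("startDate must be UTC date/time, e.g. 2017-09-06T09:50:11Z")
    # Footnote 1: the target needs tags or web applications (only webApp here).
    if not p.get("webAppId"):
        problems.append("target.webApp.id is missing")
    # Footnote 2: a profile is required unless the target has a default one.
    if not p.get("profileId") and not target_has_default_profile:
        problems.append("profile.id is missing and the target has no default profile")
    if "cancelOption" in p and p["cancelOption"] not in CANCEL_OPTIONS:
        problems.append("cancelOption must be DEFAULT or SPECIFIC")
    if "sendMailFromAddressOption" in p:
        if p["sendMailFromAddressOption"] not in MAIL_SENDERS:
            problems.append("sendMailFromAddressOption must be QUALYS_SUPPORT or OWNER")
        if p.get("sendMail") is not True:
            problems.append("sendMailFromAddressOption requires sendMail=true")
    return problems


def _child(parent, tag, text=None):
    """Append a child element; booleans are written as true/false."""
    node = ET.SubElement(parent, tag)
    if text is not None:
        node.text = "true" if text is True else "false" if text is False else str(text)
    return node


def build_create_request(p, target_has_default_profile=False):
    """Build the ServiceRequest body for a ONCE schedule on one web application."""
    problems = validate_schedule(p, target_has_default_profile)
    if p.get("occurrenceType") in OCCURRENCE_TYPES - {"ONCE"}:
        problems.append("this example only builds ONCE schedules")
    if problems:
        raise ValueError("; ".join(problems))
    root = ET.Element("ServiceRequest")
    sched = _child(_child(root, "data"), "WasScanSchedule")
    _child(sched, "name", p["name"])  # escaped by ElementTree, no CDATA needed
    _child(sched, "type", p["type"])
    if "active" in p:
        _child(sched, "active", p["active"])
    scheduling = _child(sched, "scheduling")
    _child(scheduling, "startDate", p["startDate"])
    _child(_child(scheduling, "timeZone"), "code", p["timeZoneCode"])
    _child(scheduling, "occurrenceType", p["occurrenceType"])
    target = _child(sched, "target")
    _child(_child(target, "webApp"), "id", p["webAppId"])
    if "cancelOption" in p:
        _child(target, "cancelOption", p["cancelOption"])
    if p.get("profileId"):
        _child(_child(sched, "profile"), "id", p["profileId"])
    for key in ("sendMail", "sendMailFromAddressOption"):  # placement assumed
        if key in p:
            _child(sched, key, p[key])
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(build_create_request({
        "name": "My Scan Schedule", "type": "VULNERABILITY",
        "startDate": "2017-09-30T13:11:00Z", "timeZoneCode": "America/Dawson",
        "occurrenceType": "ONCE", "webAppId": 2376281, "profileId": 332147,
        "cancelOption": "SPECIFIC",
    }))
```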


Create Schedules (Multiple) 
/qps/rest/3.0/create/was/wasscanschedule


[POST] 


You can schedule a Multi-Scan to run automatically, on a regular basis. This 
way you always have the most up-to-date security information in your 
account. 


A Multi-Scan allows you to scan any number of web applications. This feature 
enables you to scan hundreds or even thousands of web applications you may 
have in your organization with granular insight into what scans are running 
and which ones are complete. 


Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access” and “Create
WAS Schedule” permission. The output includes schedules in the user's scope.


Input Parameters 

These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. See Reference: 
WasScanSchedule for descriptions of these <WasScanSchedule> elements. 




Parameter Description

name (text) Name of the schedule.

webApps.id or tags.id (integer) The web applications to be scanned.
webApps.id: Specify the web application ID to include it in the scan.
tags.id: Specify the tag ID associated with the web applications to be scanned.

target.tags.excluded.option (keyword: ALL or ANY) Decides which web applications should be excluded from the scan.
ALL: Only the web applications associated with all the specified tags are excluded from the scan.
ANY: Only the web applications associated with any of the specified tags are excluded from the scan.

target.tags.excluded.tagList.Tag.id (integer) The web applications associated with the tag (identified by the specified tag ID) are excluded from the scan.

target.tags.included.option (keyword: ALL or ANY) Decides which web applications should be excluded from the scan.
ALL: Only the web applications associated with all the specified tags are excluded from the scan.
ANY: Only the web applications associated with any of the specified tags are excluded from the scan.

target.tags.included.tagList.Tag.id (integer) The web applications associated with the tag (identified by the specified tag ID) are included in the scan.

type (keyword) The scheduled scan type: VULNERABILITY or DISCOVERY.

profile.id² (integer) The name of the option profile that includes scan settings. The service provides the profile “Initial WAS Options” and we recommend this to get started.
Example:
<profile>
<name>Initial WAS Options</name>
</profile>

startDate (date) The date when the schedule starts in UTC date/time format.

timeZone (text) The timezone in which the scan is scheduled in UTC date/time format.

occurrenceType (keyword) The frequency of the scheduled scan: ONCE, DAILY, WEEKLY or MONTHLY.

notification (boolean) A flag indicating whether email notification is enabled for scheduled scan.

reschedule (boolean) Set this flag to reschedule the scan.

target.authRecordOption

target.profileOption

target.scannerOption

(integer) Defines the authentication record to 
be used during the scan. 


Set to SPECIFIC -Always use the authRecord 
passed while launching the scan. 


Set to DEFAULT- Forces the use of the 
authRecord, if set, else fall back to the one 
passed in to the API while launching the scan. 


(keyword: ALL or ANY) Defines the option 
profile to be used during the scan. 


Set to SPECIFIC - Always use the 
optionProfile passed while launching the scan. 


Set to DEFAULT - Forces the use of the 
optionProfile if set, else fall back to the one 
passed in to the API while launching the scan. 


(integer) Defines the scanner appliance to be 
used during the scan. 


target.randomizeScan 


target.scannerAppliance.type 


target.scannerAppliance.friendlyName 


cancelOption 


sendMail 


sendOneMail 


Set to SPECIFIC - Always use the scanner 
passed while launching the scan 


Set to DEFAULT - Forces the use of the 
scanner if set, else fall back to the one passed 
in to the API while launching the scan. 


Allows the service to scan the selected web 
applications in random order. The 
randomness will help prevent network 
slowdowns and/or errors 


(keyword: EXTERNAL or INTERNAL or 
scannerTags) Type of the scanner appliance 
to be used for the scan. 


(text) Name of the scanner appliance being 
used for the scan. 


set to DEFAULT - Forces the use of the target 
web app’s cancelScans option if set, else fall 
back to the one passed in to the API while 
launching the scan. 


set to SPECIFIC - Always use the cancel scan 
option passed while launching the scan. 


(boolean) Set to false to disable scan 
complete email notifications. 


Example:<sendMail>false</sendMail> 


(boolean) Set to true to send one email upon 
multi-scan completion. Set to false to send 
one email upon completion of each individual 
scan. 


Example:<sendOneMail>true</sendOneMail> 


Note: sendOneMail is valid only when 
sendMail = true for a multi-scan (multiple web 
applications being scanned). If sendMail is set 


to false, sendOneMail will be ignored. 


sendMailFromAddressOption Identifies the sender of the scan complete 
notifications. The valid values are: 
QUALYS SUPPORT and OWNER. OWNER 
means the user whose account is used to 
create the schedule. 


Example: <sendMailFromAddressOption>QUALYS _ 
SUPPORT</sendMailFromAddressOption> 
Example:<sendMailFromAddressOption>OWNER 
</sendMailFromAddressOption> 


To set this parameter, the sendMail parameter 
must be set to true. If the sendMail parameter 
is true, then sendMailFromAddressOption is 
by default set to QUALYS SUPPORT. You can 
change the value of the parameter to 
OWNER. 


1 The element target must have at least tags or web applications specified. 


2 The element profile (text) is required unless the target has a default option 
profile. 


Sample - Schedule a multi-scan 


Let’s schedule a multi-scan for two web applications by specifying the ID for 
the web applications. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/create/was/wasscanschedule" \
  < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceRequest>
  <data>
    <WasScanSchedule>
      <name>MultiSchedule_1497351121650</name>
      <type>VULNERABILITY</type>
      <active>false</active>
      <scheduling>
        <cancelAfterNHours>8</cancelAfterNHours>
        <startDate>2017-06-13T21:51:57Z</startDate>
        <timeZone>
          <code>America/Vancouver</code>
          <offset>-07:00</offset>
        </timeZone>
        <occurrenceType>WEEKLY</occurrenceType>
        <occurrence>
          <weeklyOccurrence>
            <everyNWeeks>2</everyNWeeks>
            <occurrenceCount>20</occurrenceCount>
            <onDays>
              <WeekDay>SATURDAY</WeekDay>
            </onDays>
          </weeklyOccurrence>
        </occurrence>
      </scheduling>
      <notification>
        <active>true</active>
        <reschedule>true</reschedule>
        <delay>
          <nb>1</nb>
          <scale>DAY</scale>
        </delay>
        <message><![CDATA[A scan is scheduled to start soon.]]></message>
      </notification>
      <target>
        <webApps>
          <set>
            <WebApp>
              <id>4331923</id>
            </WebApp>
            <WebApp>
              <id>4331924</id>
            </WebApp>
          </set>
        </webApps>
        <webAppAuthRecord>
          <id>583957</id>
        </webAppAuthRecord>
        <scannerAppliance>
          <type>EXTERNAL</type>
        </scannerAppliance>
        <cancelOption>SPECIFIC</cancelOption>
        <authRecordOption>DEFAULT</authRecordOption>
        <profileOption>SPECIFIC</profileOption>
        <scannerOption>DEFAULT</scannerOption>
        <randomizeScan>true</randomizeScan>
        <useDnsOverride>true</useDnsOverride>
      </target>
      <profile>
        <id>1071133</id>
      </profile>
    </WasScanSchedule>
  </data>
</ServiceRequest>


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule>
      <id>697193</id>
      <name><![CDATA[MultiSchedule_1497351121650]]></name>
      <owner>
        <id>2911477</id>
        <username>john_doe</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Doe]]></lastName>
      </owner>
      <active>false</active>
      <multi>true</multi>
      <type>VULNERABILITY</type>
      <target>
        <webApps>
          <list>
            <WebApp>
              <id>4331923</id>
              <name><![CDATA[web app 1497351058103]]></name>
              <url><![CDATA[http://www.example.com/cassium/xss/]]></url>
            </WebApp>
            <WebApp>
              <id>4331924</id>
              <name><![CDATA[web app 1497351100446]]></name>
              <url><![CDATA[http://www.example.com/cassium/xss/]]></url>
            </WebApp>
          </list>
        </webApps>
        <webAppAuthRecord>
          <id>583957</id>
          <name><![CDATA[Form and Server ]149735111801]]></name>
        </webAppAuthRecord>
        <scannerAppliance>
          <type>EXTERNAL</type>
        </scannerAppliance>
        <cancelOption>SPECIFIC</cancelOption>
        <authRecordOption>DEFAULT</authRecordOption>
        <profileOption>SPECIFIC</profileOption>
        <scannerOption>DEFAULT</scannerOption>
        <randomizeScan>true</randomizeScan>
        <useDnsOverride>true</useDnsOverride>
      </target>
      <progressiveScanning>DEFAULT</progressiveScanning>
      <profile>
        <id>1071133</id>
        <name><![CDATA[My Option Profile - with defaults 1497351048931]]></name>
      </profile>
      <scheduling>
        <startDate>2017-06-13T21:51:00Z</startDate>
        <timeZone>
          <code>America/Vancouver</code>
          <offset>-07:00</offset>
        </timeZone>
        <occurrenceType>WEEKLY</occurrenceType>
        <occurrence>
          <weeklyOccurrence>
            <everyNWeeks>2</everyNWeeks>
            <onDays>
              <WeekDay>SATURDAY</WeekDay>
            </onDays>
            <occurrenceCount>20</occurrenceCount>
          </weeklyOccurrence>
        </occurrence>
        <cancelAfterNHours>8</cancelAfterNHours>
      </scheduling>
      <notification>
        <active>true</active>
        <reschedule>true</reschedule>
        <delay>
          <nb>1</nb>
          <scale>DAY</scale>
        </delay>
        <message><![CDATA[A scan is scheduled to start soon.]]></message>
      </notification>
      <launchedCount>0</launchedCount>
      <createdDate>2017-06-13T10:52:07Z</createdDate>
      <createdBy>
        <id>2911477</id>
        <username>john_doe</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Doe]]></lastName>
      </createdBy>
      <updatedDate>2017-06-13T10:52:09Z</updatedDate>
      <updatedBy>
        <id>2911477</id>
        <username>john_doe</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Doe]]></lastName>
      </updatedBy>
      <sendMail>true</sendMail>
      <sendOneMail>false</sendOneMail>
      <enableWAFAuth>false</enableWAFAuth>
    </WasScanSchedule>
  </data>
</ServiceResponse>


Sample - Schedule a multi-scan with some criteria 


Let’s schedule a multi-scan for all the web applications that are associated 
with the tags specified in the request filter and configure scan completion 
notification to be sent after completion of the multi-scan. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/create/was/wasscanschedule" \
  < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceRequest>
  <data>
    <WasScanSchedule>
      <name>SampleSchedule</name>
      <type>VULNERABILITY</type>
      <active>false</active>
      <scheduling>
        <cancelAfterNHours>8</cancelAfterNHours>
        <startDate>2017-06-13T21:51:57Z</startDate>
        <timeZone>
          <code>America/Vancouver</code>
          <offset>-07:00</offset>
        </timeZone>
        <occurrenceType>WEEKLY</occurrenceType>
        <occurrence>
          <weeklyOccurrence>
            <everyNWeeks>2</everyNWeeks>
            <occurrenceCount>20</occurrenceCount>
            <onDays>
              <WeekDay>SATURDAY</WeekDay>
            </onDays>
          </weeklyOccurrence>
        </occurrence>
      </scheduling>
      <notification>
        <active>true</active>
        <reschedule>true</reschedule>
        <delay>
          <nb>1</nb>
          <scale>DAY</scale>
        </delay>
        <message><![CDATA[A scan is scheduled to start soon.]]></message>
      </notification>
      <target>
        <tags>
          <included>
            <option>ALL</option>
            <tagList>
              <set>
                <Tag>
                  <id>12017424</id>
                </Tag>
                <Tag>
                  <id>12017228</id>
                </Tag>
              </set>
            </tagList>
          </included>
          <excluded>
            <option>ANY</option>
            <tagList>
              <set>
                <Tag>
                  <id>12017228</id>
                </Tag>
              </set>
            </tagList>
          </excluded>
        </tags>
        <webAppAuthRecord>
          <id>583957</id>
        </webAppAuthRecord>
        <scannerAppliance>
          <type>EXTERNAL</type>
        </scannerAppliance>
        <cancelOption>SPECIFIC</cancelOption>
        <authRecordOption>DEFAULT</authRecordOption>
        <profileOption>SPECIFIC</profileOption>
        <scannerOption>DEFAULT</scannerOption>
        <randomizeScan>true</randomizeScan>
        <useDnsOverride>true</useDnsOverride>
      </target>
      <profile>
        <id>1071133</id>
      </profile>
      <sendOneMail>false</sendOneMail>
    </WasScanSchedule>
  </data>
</ServiceRequest>


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule>
      <id>699795</id>
      <name><![CDATA[Schedule a multi scan for multiple web apps]]></name>
      <owner>
        <id>2911477</id>
        <username>john_doe</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Doe]]></lastName>
      </owner>
      <active>false</active>
      <multi>true</multi>
      <type>VULNERABILITY</type>
      <target>
        <tags>
          <included>
            <option>ANY</option>
            <tagList>
              <list>
                <Tag>
                  <id>12017424</id>
                </Tag>
                <Tag>
                  <id>12017228</id>
                </Tag>
              </list>
            </tagList>
          </included>
          <excluded>
            <option>ANY</option>
            <tagList>
              <list>
                <Tag>
                  <id>12017228</id>
                </Tag>
              </list>
            </tagList>
          </excluded>
        </tags>
        <webAppAuthRecord>
          <id>583957</id>
          <name><![CDATA[Form and Server ]149735111801]]></name>
        </webAppAuthRecord>
        <scannerAppliance>
          <type>EXTERNAL</type>
        </scannerAppliance>
        <cancelOption>SPECIFIC</cancelOption>
        <authRecordOption>DEFAULT</authRecordOption>
        <profileOption>SPECIFIC</profileOption>
        <scannerOption>DEFAULT</scannerOption>
        <randomizeScan>true</randomizeScan>
        <useDnsOverride>true</useDnsOverride>
      </target>
      <progressiveScanning>DEFAULT</progressiveScanning>
      <profile>
        <id>1071133</id>
        <name><![CDATA[My Option Profile - with defaults 1497351048931]]></name>
      </profile>
      <scheduling>
        <startDate>2017-06-13T21:51:00Z</startDate>
        <timeZone>
          <code>America/Vancouver</code>
          <offset>-07:00</offset>
        </timeZone>
        <occurrenceType>WEEKLY</occurrenceType>
        <occurrence>
          <weeklyOccurrence>
            <everyNWeeks>2</everyNWeeks>
            <onDays>
              <WeekDay>SATURDAY</WeekDay>
            </onDays>
            <occurrenceCount>20</occurrenceCount>
          </weeklyOccurrence>
        </occurrence>
        <cancelAfterNHours>8</cancelAfterNHours>
      </scheduling>
      <notification>
        <active>true</active>
        <reschedule>true</reschedule>
        <delay>
          <nb>1</nb>
          <scale>DAY</scale>
        </delay>
        <message><![CDATA[A scan is scheduled to start soon.]]></message>
      </notification>
      <launchedCount>0</launchedCount>
      <createdDate>2017-06-15T09:19:09Z</createdDate>
      <createdBy>
        <id>2911477</id>
        <username>john_doe</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Doe]]></lastName>
      </createdBy>
      <updatedDate>2017-06-15T09:19:09Z</updatedDate>
      <updatedBy>
        <id>2911477</id>
        <username>john_doe</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Doe]]></lastName>
      </updatedBy>
      <sendMail>true</sendMail>
      <sendOneMail>false</sendOneMail>
      <enableWAFAuth>false</enableWAFAuth>
    </WasScanSchedule>
  </data>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/wasscanschedule.xsd 
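

The create request and the two response shapes shown above can be produced and checked in code before anything is sent to the API. The following Python sketch is an added example, not Qualys code: it builds the weekly multi-scan POST data while enforcing the constraints from the parameter table (the target needs web applications or tags, sendOneMail is dropped when sendMail is false, sendMailFromAddressOption requires sendMail = true) and parses a ServiceResponse, rejecting any response that carries a DTD. The function names and the sample responses are constructed for illustration; schedule names are XML-escaped by ElementTree on output.

```python
import xml.etree.ElementTree as ET

# Constructed sample responses, modelled on the responses shown on this page.
SAMPLE_SUCCESS = """<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse><responseCode>SUCCESS</responseCode><count>2</count><data>
<WasScanSchedule><id>701147</id></WasScanSchedule>
<WasScanSchedule><id>701946</id></WasScanSchedule></data></ServiceResponse>"""
SAMPLE_ERROR = """<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse><responseCode>INVALID_REQUEST</responseCode><responseErrorDetails>
<errorMessage>Progressive scanning is not enabled in your subscription.</errorMessage>
<errorResolution>Please check with your account manager to enable this option.</errorResolution>
</responseErrorDetails></ServiceResponse>"""


class WasApiError(Exception):
    """A ServiceResponse whose responseCode is not SUCCESS."""
    def __init__(self, code, message, resolution):
        super().__init__(f"{code}: {message} {resolution}")
        self.code, self.message, self.resolution = code, message, resolution


def _add(parent, tag, text=None):
    node = ET.SubElement(parent, tag)
    if text is not None:
        node.text = str(text)
    return node


def _tag_filter(tags, kind, option, tag_ids):
    """Append <included> or <excluded> with its ALL/ANY option and tag IDs."""
    if option not in ("ALL", "ANY"):
        raise ValueError(f"{kind} option must be ALL or ANY")
    node = _add(tags, kind)
    _add(node, "option", option)
    tag_set = _add(_add(node, "tagList"), "set")
    for tag_id in tag_ids:
        _add(_add(tag_set, "Tag"), "id", int(tag_id))


def build_schedule_request(name, start_date, tz_code, tz_offset, on_days,
                           every_n_weeks=1, web_app_ids=(), included_tags=(),
                           excluded_tags=(), included_option="ANY",
                           excluded_option="ANY", profile_id=None,
                           send_mail=True, send_one_mail=None, mail_from=None):
    """Return request POST data for a weekly VULNERABILITY multi-scan schedule."""
    if not web_app_ids and not included_tags:  # page note 1
        raise ValueError("target needs web application IDs or tag IDs")
    if mail_from is not None and not send_mail:
        raise ValueError("sendMailFromAddressOption needs sendMail = true")
    if mail_from not in (None, "QUALYS_SUPPORT", "OWNER"):
        raise ValueError("sender must be QUALYS_SUPPORT or OWNER")
    root = ET.Element("ServiceRequest")
    sched = _add(_add(root, "data"), "WasScanSchedule")
    _add(sched, "name", name)
    _add(sched, "type", "VULNERABILITY")
    _add(sched, "active", "false")  # inactive until activated, as in the samples
    timing = _add(sched, "scheduling")
    _add(timing, "startDate", start_date)
    zone = _add(timing, "timeZone")
    _add(zone, "code", tz_code)
    _add(zone, "offset", tz_offset)
    _add(timing, "occurrenceType", "WEEKLY")
    weekly = _add(_add(timing, "occurrence"), "weeklyOccurrence")
    _add(weekly, "everyNWeeks", int(every_n_weeks))
    days = _add(weekly, "onDays")
    for day in on_days:
        _add(days, "WeekDay", day)
    target = _add(sched, "target")
    if web_app_ids:
        app_set = _add(_add(target, "webApps"), "set")
        for app_id in web_app_ids:
            _add(_add(app_set, "WebApp"), "id", int(app_id))
    if included_tags or excluded_tags:
        tags = _add(target, "tags")
        if included_tags:
            _tag_filter(tags, "included", included_option, included_tags)
        if excluded_tags:
            _tag_filter(tags, "excluded", excluded_option, excluded_tags)
    if profile_id is not None:  # page note 2
        _add(_add(sched, "profile"), "id", int(profile_id))
    _add(sched, "sendMail", "true" if send_mail else "false")
    if send_mail and send_one_mail is not None:  # ignored when sendMail is false
        _add(sched, "sendOneMail", "true" if send_one_mail else "false")
    if mail_from is not None:
        _add(sched, "sendMailFromAddressOption", mail_from)
    return ET.tostring(root, encoding="unicode")


def parse_service_response(xml_text):
    """Return the schedule IDs of a SUCCESS response, else raise WasApiError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in API response")
    root = ET.fromstring(xml_text.strip())
    code = root.findtext("responseCode", "")
    if code != "SUCCESS":
        texts = [" ".join(root.findtext(f"responseErrorDetails/{tag}", "").split())
                 for tag in ("errorMessage", "errorResolution")]
        raise WasApiError(code, *texts)
    return [int(node.text) for node in root.findall("data/WasScanSchedule/id")]
```

The string returned by build_schedule_request can be saved as file.xml and posted with the curl command from the samples.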


Update Schedule 


/qps/rest/3.0/update/was/wasscanschedule/<id>


[POST] 


Update a scheduled scan on a web application which is in the user’s scope. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Edit WAS 
Schedule”. Scan target must be within the user’s scope. 


Input Parameters 


The “id” (integer) element and the data to be updated in the schedule are 
required where “id” identifies a schedule. See Reference: WasScanSchedule 
for descriptions of all of the <WasScanSchedule> elements. 


Click here for available operators 
Sample - Update a schedule by enabling notification for the same 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule/1688" \
  < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest>
  <data>
    <WasScanSchedule>
      <notification>
        <active>true</active>
        <delay>
          <nb>4</nb>
          <scale>DAY</scale>
        </delay>
        <recipients>
          <set>
            <EmailAddress><![CDATA[name1@company.com]]></EmailAddress>
            <EmailAddress><![CDATA[name2@company.com]]></EmailAddress>
            <EmailAddress><![CDATA[name3@company.com]]></EmailAddress>
          </set>
        </recipients>
        <message><![CDATA[The schedule notification message]]></message>
      </notification>
    </WasScanSchedule>
  </data>
</ServiceRequest>


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule>
      <id>1688</id>
    </WasScanSchedule>
  </data>
</ServiceResponse>


Sample - Update notification to reschedule 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule/171425669" \
  < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 

<ServiceRequest>
  <data>
    <WasScanSchedule>
      <name><![CDATA[Update Notification to enable Reschedule]]></name>
      <notification>
        <active>true</active>
        <reschedule>true</reschedule>
        <delay>
          <nb>1</nb>
          <scale>DAY</scale>
        </delay>
        <message><![CDATA[A Qualys scan is scheduled to start soon.]]></message>
      </notification>
    </WasScanSchedule>
  </data>
</ServiceRequest>


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule>
      <id>171425669</id>
    </WasScanSchedule>
  </data>
</ServiceResponse>


Sample - Update schedule to configure scan completion notification 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/update/was/wasscanschedule/171425669" \
  < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 

<ServiceRequest>
  <data>
    <WasScanSchedule>
      <name>Schedule with sendOneMail enabled</name>
      <sendMail>true</sendMail>
      <sendOneMail>true</sendOneMail>
    </WasScanSchedule>
  </data>
</ServiceRequest>


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule>
      <id>171425669</id>
    </WasScanSchedule>
  </data>
</ServiceResponse>


XSD 
<platform API server>/qps/xsd/3.0/was/wasscanschedule.xsd 


Activate an Existing Schedule 


/qps/rest/3.0/update/was/wasscanschedule/<id>
/qps/rest/3.0/activate/was/wasscanschedule/<id>
/qps/rest/3.0/activate/was/wasscanschedule/<filters>


[POST] 


Activate one or more scheduled scans on web applications which are in the 
user’s scope. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Edit WAS 
Schedule”. Scan target must be within the user’s scope. 


Input Parameters 


The “id” (integer) element and the data to be updated in the schedule are 
required where “id” identifies a schedule. When multiple elements are 
specified, parameters are combined using a logical AND. See Reference: 
WasScanSchedule for descriptions of all of the <WasScanSchedule> elements. 


Click here for available operators 


Parameter Description

id (integer) The schedule ID. This element is assigned by the service and
is required for a certain type of request.

name (text) The user-defined schedule name (maximum 256 characters).

createdDate (date) The date when the schedule was created in WAS, in UTC
date/time format.

updatedDate (date) The date when the schedule was created in WAS, in UTC
date/time format.

type (keyword) The scheduled scan type: VULNERABILITY or DISCOVERY.

webApp.name (text) The name of the web application being scanned.

webApp.id (integer) The ID of the web application being scanned.

owner.id (text) ID associated with the owner who created the schedule.

active (boolean) Indicates whether the schedule is active or not. True
indicates active schedule.

invalid (boolean) Indicates the schedule is invalid. The web application to
which the schedule was applied is deleted and hence the schedule is invalid.


Sample - Activate a schedule 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/activate/was/wasscanschedule/1688" \
  < file.xml


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule>
      <id>1688</id>
    </WasScanSchedule>
  </data>
</ServiceResponse>


Sample - Activate Multi Schedule using filters 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/activate/was/wasscanschedule" \
  < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" 
operator="CONTAINS">Schedule</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>2</count>
  <data>
    <WasScanSchedule>
      <id>701147</id>
    </WasScanSchedule>
    <WasScanSchedule>
      <id>701946</id>
    </WasScanSchedule>
  </data>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/wasscanschedule.xsd 


Deactivate Schedule 
/qps/rest/3.0/update/was/wasscanschedule/<id>
/qps/rest/3.0/deactivate/was/wasscanschedule/<id>
/qps/rest/3.0/deactivate/was/wasscanschedule/<filters>


[POST] 


Deactivate one or more scheduled scans on web applications which are in the 
user’s scope. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Edit WAS 
Schedule”. Scan target must be within the user’s scope. 


Input Parameters 


The “id” (integer) element and the data to be updated in the schedule are
required where “id” identifies a schedule. When multiple elements are
specified, parameters are combined using a logical AND. See Reference:
WasScanSchedule for descriptions of all of the <WasScanSchedule> elements.


Click here for available operators 


Parameter Description

id (integer) The schedule ID. This element is assigned by the service and
is required for a certain type of request.

name (text) The user-defined schedule name (maximum 256 characters).

createdDate (date) The date when the schedule was created in WAS, in UTC
date/time format.

updatedDate (date) The date when the schedule was created in WAS, in UTC
date/time format.

type (keyword) The scheduled scan type: VULNERABILITY or DISCOVERY.

webApp.id (integer) The ID of the web application being scanned.

webApp.name (text) The name of the web application being scanned.

owner.id (integer) ID associated with the owner who created the schedule.

active (boolean) Indicates whether the schedule is active or not. True
indicates active schedule.

invalid (boolean) Indicates the schedule is invalid. The web application to
which the schedule was applied is deleted and hence the schedule is invalid.


Sample - Deactivate a schedule 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/deactivate/was/wasscanschedule/1688" \
  < file.xml


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule>
      <id>1688</id>
    </WasScanSchedule>
  </data>
</ServiceResponse>


Sample - Deactivate Multi Schedule using filters 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/deactivate/was/wasscanschedule" \
  < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" 
operator="CONTAINS">Schedule</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>2</count>
  <data>
    <WasScanSchedule>
      <id>701147</id>
    </WasScanSchedule>
    <WasScanSchedule>
      <id>701946</id>
    </WasScanSchedule>
  </data>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/wasscanschedule.xsd 


Delete Schedule 


/qps/rest/3.0/delete/was/wasscanschedule/<id>
/qps/rest/3.0/delete/was/wasscanschedule/<filters>


[POST] 


Delete scheduled scans on web applications which are in the user's scope. 


Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access” and “Delete
WAS Schedule”. Scan target must be within the user's scope.


Input Parameters 

The “id” (integer) element and the data to be updated in the schedule are
required where “id” identifies a schedule. When multiple elements are
specified, parameters are combined using a logical AND. See Reference:
WasScanSchedule for descriptions of all of the <WasScanSchedule> elements.


Click here for available operators 


Parameter Description

id (integer) The schedule ID. This element is assigned by the service and
is required for a certain type of request.

name (text) The user-defined schedule name (maximum 256 characters).

createdDate (date) The date when the schedule was created in WAS, in UTC
date/time format.

updatedDate (date) The date when the schedule was created in WAS, in UTC
date/time format.

type (keyword) The scheduled scan type: VULNERABILITY or DISCOVERY.

webApp.name (text) The name of the web application being scanned.

webApp.id (integer) The ID of the web application being scanned.

owner.id (integer) ID associated with the owner who created the schedule.

active (boolean) Indicates whether the schedule is active or not. True
indicates active schedule.

invalid (boolean) Indicates the schedule is invalid. The web application to
which the schedule was applied is deleted and hence the schedule is invalid.


Sample - Delete single schedule 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/wasscanschedule/1846"

Note: “file.xml” contains the request POST data. 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScanSchedule>
      <id>1846</id>
    </WasScanSchedule>
  </data>
</ServiceResponse>


Sample - Delete schedules matching criteria 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/wasscanschedule/" \
  < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="active" operator="EQUALS">false</Criteria> 
<Criteria field="name" operator="CONTAINS">WEEKLY -</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscanschedule.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>2</count>
  <data>
    <WasScanSchedule>
      <id>1747</id>
    </WasScanSchedule>
    <WasScanSchedule>
      <id>1768</id>
    </WasScanSchedule>
  </data>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/wasscanschedule.xsd 


Download Schedule 
/qps/rest/3.0/download/was/wasscanschedule/<id>
/qps/rest/3.0/download/was/wasscanschedule/<filters>


[POST] 


Download scheduled scans on web applications, which are in the user's
scope, to iCalendar format and then import them into your favorite calendar
application so you can access your schedules on the go. You can import your
schedules into several calendars including Microsoft Outlook, Google Calendar
and Apple iCal.


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The schedule 
must be within the user’s scope. 


Input Parameters 


The “id” (integer) element and the data to be updated in the schedule are 
required where “id” identifies a schedule. When multiple elements are 
specified, parameters are combined using a logical AND. See Reference: 
WasScanSchedule for descriptions of all of the <WasScanSchedule> elements. 


Click here for available operators 


Parameter Description

id (integer) The schedule ID. This element is assigned by the service and
is required for a certain type of request.

name (text) The user-defined schedule name (maximum 256 characters).

createdDate (date) The date when the schedule was created in WAS, in UTC
date/time format.

updatedDate (date) The date when the schedule was created in WAS, in UTC
date/time format.

type (keyword) The scheduled scan type: VULNERABILITY or DISCOVERY.

webApp.name (text) The name of the web application being scanned.

webApp.id (integer) The ID of the web application being scanned.

owner.id (integer) ID associated with the owner who created the schedule.

active (boolean) Indicates whether the schedule is active or not. True
indicates active schedule.

invalid (boolean) Indicates the schedule is invalid. The web application to
which the schedule was applied is deleted and hence the schedule is invalid.


Sample - Download a single schedule 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/download/was/wasscanschedule/1846"

Note: “file.xml” contains the request POST data. 


XML response 


BEGIN:VCALENDAR
PRODID:-//Qualys Inc//WAS Product//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:PUBLISH
BEGIN:VTIMEZONE
TZID:America/Boise
TZURL:http://tzurl.org/zoneinfo/America/Boise
X-LIC-LOCATION:America/Boise
BEGIN:DAYLIGHT
TZOFFSETFROM:-0700
TZOFFSETTO:-0600
TZNAME:MDT
DTSTART:20070311T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0600
TZOFFSETTO:-0700
TZNAME:MST
DTSTART:20071104T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
BEGIN:STANDARD
TZOFFSETFROM:-074449
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:18831118T121511
END:STANDARD
BEGIN:DAYLIGHT


CREATED:20181128T204534Z
LAST-MODIFIED:20181128T210007Z
SEQUENCE:0
STATUS:CONFIRMED
TRANSP:TRANSPARENT
END:VEVENT
END:VCALENDAR


XSD 


<platform API server>/qps/xsd/3.0/was/wasscanschedule.xsd 


Reference: Schedule 


The <WasScanSchedule> element includes sub elements used to define a 
schedule. A reference of these elements is provided below. An asterisk * 
indicates a complex element. 


Parameter Description

id (integer) The schedule ID. This element is assigned by the service and
is required for a certain type of request.

name (text) The user-defined schedule name (maximum 256 characters).

owner.id (integer) ID associated with the owner who created the schedule.

createdDate (date) The date when the schedule was created in WAS, in UTC
date/time format.

updatedDate (date) The date when the schedule was created in WAS, in UTC
date/time format.

type (keyword) The scheduled scan type: VULNERABILITY or DISCOVERY.

webApp.name (text) The name of the web application being scanned.

webApp.id (integer) The ID of the web application being scanned.

webApp.tags (with operator="NONE") Tags associated with the web application
being scanned.

webApp.tags.id (integer) ID of the tag applied to the web application being
scanned.

invalid (boolean) Indicates the schedule is invalid. The web application to
which the schedule was applied is deleted and hence the schedule is invalid.

lastScan (with operation="NONE") (boolean) Indicates if the last scan was
performed or not. True indicates that the last scan was performed.

lastScan.launchedDate (date) Date when the last scan was launched on the
web application, in UTC date/time format.

lastScan.status (keyword) Scan status reported by last web application
scan: SUBMITTED, RUNNING, FINISHED, TIME_LIMIT_EXCEEDED, SCAN_NOT_LAUNCHED,
SCANNER_NOT_AVAILABLE, ERROR, CANCELED.

multi (boolean) Indicates if the scheduled scan is single scan or multiple
scan.


Reference: WasScanSchedule 


The <WasScanSchedule> element includes sub elements used to define a web 
application scan schedule. A reference of these elements is provided below. 
An asterisk * indicates a complex element. 


Parameter Description


id (integer) The schedule ID. This element is assigned by
the service and is required for a certain type of
request (details, activate, deactivate).


owner (text) The user who owns the schedule. User
properties include user ID, user login, first and last
name.

Example:

<owner>
  <id>123056</id>
  <username>username</username>
  <firstName><![CDATA[John]]></firstName>
  <lastName><![CDATA[Smith]]></lastName>
</owner>


active (Boolean) The schedule is active: true or false.


launchedCount (integer) The number of times the scan has been
launched.


nextLaunchDate (date) The next launch date and time in UTC
date/time format (YYYY-MM-DDTHH:MM:SSZ).


target* (for single web application) (text) The target of the
scan. <webApp> is the target web application.

<scannerAppliance> - type (keyword) is set to
INTERNAL for a scanner appliance, or EXTERNAL for
external scanners or scannerTags for assigning
multiple scanner appliances grouped by asset tag. If
the type is INTERNAL, friendlyName (text) is the
user-defined appliance name.

<cancelOption> set to DEFAULT - Forces the use of
the target web app’s cancelScans option if set, else
fall back to the one passed in to the API with the
schedule settings.

<cancelOption> set to SPECIFIC - Always use the
cancel scan option passed with the schedule settings.

Example: target.webApp is required

<target>
  <webApp>
    <id>324265</id>
    <name><![CDATA[Merchant Site]]></name>
    <url><![CDATA[http://url]]></url>
  </webApp>
  <scannerAppliance>
    <type>INTERNAL</type>
    <friendlyName><![CDATA[name]]></friendlyName>
  </scannerAppliance>
  <cancelOption>SPECIFIC</cancelOption>
</target>


target* (for multiple web application)

<cancelOption> set to DEFAULT - Forces the use of
the target web app’s cancelScans option if set, else
fall back to the one passed in to the API while
launching the scan.

<cancelOption> set to SPECIFIC - Always use the
cancel scan option passed while launching the scan.

<target.authRecordOption> set to SPECIFIC -
Always use the authRecord passed while launching
the scan.

<target.authRecordOption> set to DEFAULT -
Forces the use of the authRecord, if set, else fall back
to the one passed in to the API while launching the
scan.

<target.profileOption> set to SPECIFIC - Always
use the optionProfile passed while launching the scan.

<target.profileOption> set to DEFAULT - Forces
the use of the optionProfile if set, else fall back to the
one passed in to the API while launching the scan.

<target.scannerOption> set to SPECIFIC - Always
use the scanner passed while launching the scan.

<target.scannerOption> set to DEFAULT - Forces
the use of the scanner if set, else fall back to the one
passed in to the API while launching the scan.

<target.randomizeScan> (Boolean) - Set to true to
scan the selected web applications in random order.
Set to false to scan the selected web application in
sequential order.

target.tags (For MultiScan) -
--- target.tags.included.option (ALL/ANY) is required.
--- target.tags.included.tagList is required, only <set>
is allowed for target.tags.included.tagList.
--- target.tags.included.tagList.set.Tag.id is required
and should be valid.
--- Only target.tags.exclusive is not allowed, it must be
with target.tags.inclusive.
--- If target.tags.excluded is present, all the above
rules are applicable to it.

Example: Either target.webApps or target.tags is
required and these are mutually exclusive.

target.webApps (For MultiScan) -
Only <set> is allowed for target.webApps

<webApps>
  <set>
    <WebApp>
      <id>4330527</id>
    </WebApp>
    <WebApp>
      <id>4330327</id>
    </WebApp>
  </set>
</webApps>

target.tags (For MultiScan) -

<tags>
  <included>
    <option>ALL</option>
    <tagList>
      <set>
        <Tag><id>12017424</id></Tag>
        <Tag><id>12017228</id></Tag>
      </set>
    </tagList>
  </included>
  <excluded>
    <option>ANY</option>
    <tagList>
      <set>
        <Tag><id>12017228</id></Tag>
      </set>
    </tagList>
  </excluded>
</tags>


profile.id (integer) The name of the option profile that includes
scan settings. The service provides the profile “Initial
WAS Options” and we recommend this to get started.

Example:

<profile>
  <name>Initial WAS Options</name>
</profile>


proxy.id (integer) The proxy for scanning the target web
application.

Example:

<proxy>
  <id>12345</id>
</proxy>


dnsOverride.id (integer) The DNS override record for scanning the
target web application.

Example:

<dnsOverride>
  <id>67898</id>
</dnsOverride>


createdDate (date) The schedule creation date and time in UTC
date/time format (YYYY-MM-DDTHH:MM:SSZ).


createdBy* The user who created the schedule.

Example:

<createdBy>
  <id>123056</id>
  <username>username</username>
  <firstName><![CDATA[John]]></firstName>
  <lastName><![CDATA[Smith]]></lastName>
</createdBy>


updatedDate (date) The date and time of the most recent update of
the schedule in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).


updatedBy* The user who updated the schedule.

Example:

<updatedBy>
  <id>123056</id>
  <username>username</username>
  <firstName><![CDATA[John]]></firstName>
  <lastName><![CDATA[Smith]]></lastName>
</updatedBy>


scheduling* The schedule settings. <cancelAfterNHours> is the
number of hours after which the scan task will be
cancelled. <cancelTime> is the time at which a scan
will be cancelled. <startDate> is the date and time the
scan will begin. <timeZone> is the time zone that
applies to the schedule. <occurrence> defines
frequency of the task: SINGLE, DAILY, WEEKLY or
MONTHLY.


Example of weekly scan with the <cancelAfterNHours> option:

<scheduling>
  <cancelAfterNHours>11</cancelAfterNHours>
  <startDate>2017-02-02T10:10:00Z</startDate>
  <timeZone>
    <code>Europe/Paris</code>
  </timeZone>
  <occurrenceType>WEEKLY</occurrenceType>
  <occurrence>
    <weeklyOccurrence>
      <everyNWeeks>2</everyNWeeks>
      <occurrenceCount>28</occurrenceCount>
      <onDays>
        <WeekDay>MONDAY</WeekDay>
        <WeekDay>SATURDAY</WeekDay>
        <WeekDay>SUNDAY</WeekDay>
      </onDays>
    </weeklyOccurrence>
  </occurrence>
</scheduling>

Example of single occurrence scan with the <cancelTime> option:

<scheduling>
  <startDate>2017-02-02T10:10:00Z</startDate>
  <timeZone>
    <code>Europe/Paris</code>
  </timeZone>
  <occurrenceType>ONCE</occurrenceType>
  <occurrence>
    <cancelTime>11:15</cancelTime>
  </occurrence>
</scheduling>


notification* The notification settings.

- <active> indicates whether notification is enabled.

- <delay> indicates when the notification will be sent
as number of days, hours, or minutes before the scan.

- <scale> indicates the delay unit: DAY, HOUR or
MINUTE.

- <fromAddressOption> identifies the sender of the
notification. The valid values for the tag are:
QUALYS_SUPPORT and OWNER. OWNER means the
user whose account is used to create the schedule. If
you do not specify this tag, then by default the
QUALYS_SUPPORT value is sent in the request for
this tag.

<fromAddressOption>QUALYS_SUPPORT</fromAddressOption>
<fromAddressOption>OWNER</fromAddressOption>

- <recipients> identifies the email addresses of the
notification recipients. <message> is the text of the
notification message.

Example:

<notification>
  <active>true</active>
  <delay>
    <nb>1</nb>
    <scale>DAY</scale>
  </delay>
  <fromAddressOption>OWNER</fromAddressOption>
  <recipients>
    <set>
      <EmailAddress><![CDATA[1@a.com]]></EmailAddress>
      <EmailAddress><![CDATA[2@a.com]]></EmailAddress>
    </set>
  </recipients>
  <message><![CDATA[The message]]></message>
</notification>


sendMail (boolean) Set to false to disable scan complete email
notifications.

Example: <sendMail>false</sendMail>


sendOneMail (boolean) Set to true to send one email upon
multi-scan completion. Set to false to send one email upon
completion of each individual scan.

Example: <sendOneMail>true</sendOneMail>

Note: sendOneMail is valid only when sendMail = true
for a multi-scan (multiple web applications being
scanned). If sendMail is set to false, sendOneMail will
be ignored.


sendMailFromAddressOption Identifies the sender of the scan
complete notifications. The valid values are:
QUALYS_SUPPORT and OWNER. OWNER means
the user whose account is used to create the
schedule.

Example: <sendMailFromAddressOption>QUALYS_SUPPORT</sendMailFromAddressOption>
Example: <sendMailFromAddressOption>OWNER</sendMailFromAddressOption>

To set this parameter, the sendMail parameter must
be set to true. If the sendMail parameter is true, then
sendMailFromAddressOption is by default set to
QUALYS_SUPPORT. You can change the value of the
parameter to OWNER.
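

The multi-scan rules listed under target* (for multiple web application) above can be checked before a schedule request is sent. The following is an added example, not part of the Qualys API or its documentation: the function names and sample documents are constructed here, and "valid" Tag.id is checked only as integer syntax because tag existence is known only to the service.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the target.tags example from this reference, wrapped in <target>.
SAMPLE_OK = """<target><tags>
  <included><option>ALL</option><tagList><set>
    <Tag><id>12017424</id></Tag><Tag><id>12017228</id></Tag>
  </set></tagList></included>
  <excluded><option>ANY</option><tagList><set>
    <Tag><id>12017228</id></Tag>
  </set></tagList></excluded>
</tags></target>"""

# Constructed sample that breaks several rules at once.
SAMPLE_BAD = """<target>
  <webApps><add><WebApp><id>4330527</id></WebApp></add></webApps>
  <tags><excluded><option>SOME</option><tagList><set>
    <Tag><id>12x</id></Tag>
  </set></tagList></excluded></tags>
</target>"""


def _is_int(text):
    return text.isascii() and text.isdigit()


def _check_tag_group(group, label, errors):
    """Apply the <included>/<excluded> rules to one element."""
    option = (group.findtext("option") or "").strip()
    if option not in ("ALL", "ANY"):
        errors.append(f"{label}.option must be ALL or ANY")
    tag_list = group.find("tagList")
    if tag_list is None:
        errors.append(f"{label}.tagList is required")
        return
    children = list(tag_list)
    if len(children) != 1 or children[0].tag != "set":
        errors.append(f"only <set> is allowed in {label}.tagList")
        return
    tags = children[0].findall("Tag")
    if not tags:
        errors.append(f"{label}.tagList.set needs at least one Tag")
    for tag in tags:
        tag_id = (tag.findtext("id") or "").strip()
        if not _is_int(tag_id):
            errors.append(f"{label}.tagList.set.Tag.id must be an integer, got {tag_id!r}")


def validate_multi_target(xml_text):
    """Return a list of rule violations for a multi-scan <target> element.

    The input is a request document you built yourself; do not feed
    untrusted XML to ElementTree without entity-expansion limits.
    """
    errors = []
    target = ET.fromstring(xml_text)
    web_apps = target.find("webApps")
    tags = target.find("tags")

    # Either target.webApps or target.tags is required; they are mutually exclusive.
    if (web_apps is None) == (tags is None):
        errors.append("exactly one of target.webApps or target.tags is required")

    if web_apps is not None:
        children = list(web_apps)
        if len(children) != 1 or children[0].tag != "set":
            errors.append("only <set> is allowed in target.webApps")
        else:
            for app in children[0].findall("WebApp"):
                app_id = (app.findtext("id") or "").strip()
                if not _is_int(app_id):
                    errors.append(f"target.webApps.set.WebApp.id must be an integer, got {app_id!r}")

    if tags is not None:
        included = tags.find("included")
        excluded = tags.find("excluded")
        if included is None:
            hint = " (excluded cannot be used alone)" if excluded is not None else ""
            errors.append("target.tags.included is required" + hint)
        else:
            _check_tag_group(included, "target.tags.included", errors)
        if excluded is not None:
            # All the included rules also apply to excluded.
            _check_tag_group(excluded, "target.tags.excluded", errors)
    return errors


if __name__ == "__main__":
    print(validate_multi_target(SAMPLE_OK))
    for problem in validate_multi_target(SAMPLE_BAD):
        print("-", problem)
```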


Reports 


Report Count 
/qps/rest/3.0/count/was/report


[GET] [POST] 


Returns the total number of reports in the user’s scope. 

Permissions required User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes reports in the user's scope. 

Input Parameters 

These elements are optional and act as filters. When multiple elements are
specified, parameters are combined using a logical AND. See Reference:
Report for descriptions of these <Report> elements.


Click here for available operators 


Parameter Description 


id (integer) The report ID. This element is assigned by the 
service and is required for a certain type of request 
(details, status, update, delete, send or download). 


name (text) A report name (maximum 256 characters). 
Applies to all reports. 


tags.id (integer) ID of the tag associated with the report. 
tags.name (text) Name of the tag associated with the report. 
creationDate (date) The date when the report was created in UTC
date/time format (YYYY-MM-DDTHH:MM:SSZ).


type (keyword) The report type, one of:
WAS_SCAN_REPORT, WAS_WEBAPP_REPORT,
WAS_SCORECARD_REPORT,
WAS_CATALOG_REPORT, DATALIST_REPORT.


format (keyword) The format of the report, one of:
HTML_ZIPPED, HTML_BASE64, PDF,
PDF_ENCRYPTED, POWERPOINT, CSV, CSV_V2, XML,
WORD.


status (keyword) The status of the report: RUNNING, ERROR 
or COMPLETE. 


Sample - Get count of reports in user's account 


Return the number (count) of all reports in the user’s scope. 


API request 


curl -u "USERNAME:PASSWORD" \
  "https://qualysapi.qualys.com/qps/rest/3.0/count/was/report"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <count>12</count>
  <responseCode>SUCCESS</responseCode>
</ServiceResponse>


Sample - Get count of reports with a criteria 


Return the number (count) of reports with an ID in the list 1302, 1303.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/count/was/report" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="id" operator="IN">1302, 1303</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <count>1</count>
  <responseCode>SUCCESS</responseCode>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/report.xsd 


Search Report 
/qps/rest/3.0/search/was/report


[POST] 


Returns a list of reports which are in the user’s scope.


Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access”. The output
includes reports in the user's scope.


Input Parameters 

These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. See Reference: 
Report for descriptions of these <Report> elements 


Click here for available operators 


Parameter Description 


id (integer) The report ID. This element is assigned by the 
service and is required for a certain type of request 
(details, status, update, delete, send or download). 


name (text) A report name (maximum 256 characters). 
Applies to all reports. 


tags.id (integer) ID of the tag associated with the report. 
tags.name (text) Name of the tag associated with the report. 
creationDate (date) The date when the report was created in UTC
date/time format (YYYY-MM-DDTHH:MM:SSZ).


type (keyword) The report type, one of:
WAS_SCAN_REPORT, WAS_WEBAPP_REPORT,
WAS_SCORECARD_REPORT,
WAS_CATALOG_REPORT, DATALIST_REPORT.


format (keyword) The format of the report, one of: 
HTML_ZIPPED, HTML_BASE64, PDF, 
PDF_ENCRYPTED, POWERPOINT, CSV, CSV_V2, XML, 
WORD. 


status (keyword) The status of the report: RUNNING, ERROR 
or COMPLETE. 


Sample - Search reports (no criteria) 


Let us view a list of all reports in the user’s scope. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/report"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <count>3</count>
  <data>
    <list>
      <Report>
        <id>1393</id>
        <name><![CDATA[Web Application Report 1]]></name>
        <type>WAS_WEBAPP_REPORT</type>
        <format>PDF</format>
        <status>COMPLETE</status>
        <size>2244667</size>
        <creationDate>2017-11-25T10:20:06Z</creationDate>
        <tags>
          <count>0</count>
        </tags>
        <owner>
          <id>123056</id>
          <username>username</username>
          <firstName><![CDATA[John]]></firstName>
          <lastName><![CDATA[Smith]]></lastName>
        </owner>
      </Report>
      <Report>
        <id>1394</id>
        <name><![CDATA[Web Application Report 2]]></name>
        <type>WAS_WEBAPP_REPORT</type>
        <format>PDF</format>
        <status>COMPLETE</status>
        <size>124578</size>
        <creationDate>2017-11-25T10:21:25Z</creationDate>
        <tags>
          <count>0</count>
        </tags>
        <owner>
          <id>123056</id>
          <username>username</username>
          <firstName><![CDATA[John]]></firstName>
          <lastName><![CDATA[Smith]]></lastName>
        </owner>
      </Report>
      <Report>
        <id>1282</id>
        <name><![CDATA[Web Application Report 3]]></name>
        <type>WAS_WEBAPP_REPORT</type>
        <format>PDF</format>
        <status>COMPLETE</status>
        <size>12341234</size>
        <creationDate>2017-11-24T00:00:00Z</creationDate>
        <tags>
          <count>0</count>
        </tags>
        <owner>
          <id>123056</id>
          <username>username</username>
          <firstName><![CDATA[John]]></firstName>
          <lastName><![CDATA[Smith]]></lastName>
        </owner>
      </Report>
    </list>
  </data>
  <isDone>true</isDone>
  <responseCode>SUCCESS</responseCode>
  <responseErrorDetails>
    <internalErrorCodeId>0</internalErrorCodeId>
  </responseErrorDetails>
</ServiceResponse>


Sample - Search for a particular report 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/report" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="tags.id" operator="EQUALS">99511</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <count>1</count>
  <data>
    <list>
      <Report>
        <id>1302</id>
        <name><![CDATA[Web Application Report 2]]></name>
        <type>WAS_WEBAPP_REPORT</type>
        <format>PDF_ENCRYPTED</format>
        <status>COMPLETE</status>
        <size>2244667</size>
        <creationDate>2017-11-24T00:00:00Z</creationDate>
        <tags>
          <count>1</count>
        </tags>
        <distributionList>
          <count>12</count>
        </distributionList>
        <owner>
          <id>123056</id>
          <username>username</username>
          <firstName><![CDATA[John]]></firstName>
          <lastName><![CDATA[Smith]]></lastName>
        </owner>
      </Report>
    </list>
  </data>
  <isDone>true</isDone>
  <responseCode>SUCCESS</responseCode>
  <responseErrorDetails>
    <internalErrorCodeId>0</internalErrorCodeId>
  </responseErrorDetails>
</ServiceResponse>


XSD 
<platform API server>/qps/xsd/3.0/was/report.xsd 


Get Report Details 
/qps/rest/3.0/get/was/report/<id> 


[GET] 


View details for a report which is in the user’s scope. Want to find a report ID 
to use as input? See Search reports. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes reports in the user's scope. 


Input Parameters 
The element “id” (integer) is required, where “id” identifies the report. 


Click here for available operators 


Sample - View details of a report 


Let us view details for a report with ID 1302.


API request 


curl -n -u "USERNAME:PASSWORD" \
  "https://qualysapi.qualys.com/qps/rest/3.0/get/was/report/1302"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <count>1</count>
  <data>
    <Report>
      <id>1302</id>
      <name><![CDATA[Web Application Report 2]]></name>
      <type>WAS_WEBAPP_REPORT</type>
      <format>PDF_ENCRYPTED</format>
      <status>COMPLETE</status>
      <size>2244667</size>
      <creationDate>2018-11-24T00:00:00Z</creationDate>
      <lastDownloadDate>2018-11-09T00:00:00Z</lastDownloadDate>
      <downloadCount>1</downloadCount>
      <tags>
        <count>2</count>
        <list>
          <Tag>
            <id>99509</id>
            <name><![CDATA[Tag 1]]></name>
          </Tag>
          <Tag>
            <id>99510</id>
            <name><![CDATA[Tag 2]]></name>
          </Tag>
        </list>
      </tags>
      <distributionList>
        <count>2</count>
        <list>
          <EmailAddress><![CDATA[email1@company.com]]></EmailAddress>
          <EmailAddress><![CDATA[email2@company.com]]></EmailAddress>
        </list>
      </distributionList>
      <owner>
        <id>123056</id>
        <username>username</username>
        <firstName><![CDATA[John]]></firstName>
        <lastName><![CDATA[Smith]]></lastName>
      </owner>
    </Report>
  </data>
  <responseCode>SUCCESS</responseCode>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/report.xsd 


Get Report Status 
/qps/rest/3.0/status/was/report/<id>


[GET] 


Retrieve the status of a report which is in the user’s scope. Want to find a 
report ID to use as input? See Search reports. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes reports in the user's scope. 


Input Parameters 
The element “id” (integer) is required, where “id” identifies the report. 


Click here for available operators 


Sample - Get report status of a particular report 


Let us view details for the report with ID 1302.


API request 


curl -n -u "USERNAME:PASSWORD" \
  "https://qualysapi.qualys.com/qps/rest/3.0/status/was/report/1302"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <count>1</count>
  <data>
    <Report>
      <id>1302</id>
      <status>COMPLETE</status>
    </Report>
  </data>
  <responseCode>SUCCESS</responseCode>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/report.xsd 


Download Report 
/qps/rest/3.0/download/was/report/<id>
[GET] 


Download a report which is in the user’s scope. Want to find a report ID to use 
as input? See Search reports. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes reports in the user's scope. 


Input Parameters 
The element “id” (integer) is required, where “id” identifies the report.


Click here for available operators 


Sample - Download a report 


Let us download a report with ID 1302.


API request 


curl -n -u "USERNAME:PASSWORD" \
  "https://qualysapi.qualys.com/qps/rest/3.0/download/was/report/1302"


XML response 
Report ID 1302 will be downloaded in the format in which it was generated. 


XSD 


<platform API server>/qps/xsd/3.0/was/report.xsd 


Send Encrypted PDF Report 


/qps/rest/3.0/send/was/report/<id>


[POST] 


Send an encrypted PDF report, which is in the user’s scope, to a distribution 
list. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Distribute 
Report” permission. The output includes reports in the user's scope. 


Input Parameters 


The elements “id” (integer) and “distributionList” (text) are required, where 
“id” identifies a report and “distributionList” identifies the email addresses of 
the report recipients. 


Click here for available operators 


Sample - Send Encrypted PDF Report 


Let us send an encrypted PDF report to a distribution list. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/send/was/report/1302" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<Report> 
<distributionList> 
<add> 
<EmailAddress><![CDATA[email1@abc.com]]></EmailAddress>
<EmailAddress><![CDATA[email2@abc.com]]></EmailAddress>
</add> 
</distributionList> 
</Report> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <count>1</count>
  <data>
    <Report>
      <id>1302</id>
    </Report>
  </data>
  <responseCode>SUCCESS</responseCode>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/report.xsd


Update Report 
/qps/rest/3.0/update/was/report/<id>


[POST] 


Update the tags assigned to a report which is in the user's scope. Want to find 
a report ID to use as input? See Search reports. 


Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access” and “Edit
Report” permission. The output includes reports in the user's scope.


Input Parameters 


The elements “id” (integer) and “tags” (complex element) are required, where 
“id” identifies a report and “tags” identifies tags to be added or removed. 


The element “showPatched” can be set to filter the report to include/not 
include findings with virtual patches. Applies to Web Application Report and 
Scan Report. This filter can be set to: 

SHOW_ONLY - show patched findings only 

SHOW_BOTH - show patched & unpatched findings (default)

SHOW_NONE - show unpatched findings only 


Click here for available operators 


Sample - Update a report - add a tag 


Let us update the report with ID 1304 by tagging the report.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/update/was/report/1304" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<Report> 
<tags> 
<set>
<Tag> 
<id>99509</id> 
</Tag> 
<Tag> 
<id>99510</id> 
</Tag> 
</set> 
</tags> 
</Report> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <count>1</count>
  <data>
    <Report>
      <id>1304</id>
    </Report>
  </data>
  <responseCode>SUCCESS</responseCode>
</ServiceResponse>


XSD 
<platform API server>/qps/xsd/3.0/was/report.xsd 


Delete Report 
/qps/rest/3.0/delete/was/report/<id>
/qps/rest/3.0/delete/was/report
[POST] 


Delete a report which is in the user’s scope. Want to find a report ID to use as 
input? See Search reports. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Delete 
Report” permission. The output includes reports in the user's scope. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. To delete one report 
by the report ID, the id element is required. The other elements listed below
are used to delete reports based on filters. See Reference: Report for
descriptions of these <Report> elements.


Click here for available operators 


Parameter Description 


id (integer) The report ID. This element is assigned by the 
service and is required for a certain type of request 
(details, status, update, delete, send or download). 


name (text) A report name (maximum 256 characters). 
Applies to all reports. 


tags.id (integer) ID of the tag associated with the report. 
tags.name (text) Name of the tag associated with the report. 


creationDate (date) The date when the report was created in UTC
date/time format (YYYY-MM-DDTHH:MM:SSZ).


type (keyword) The report type, one of:
WAS_SCAN_REPORT, WAS_WEBAPP_REPORT,
WAS_SCORECARD_REPORT,
WAS_CATALOG_REPORT, DATALIST_REPORT.


format (keyword) The format of the report, one of:
HTML_ZIPPED, HTML_BASE64, PDF,
PDF_ENCRYPTED, POWERPOINT, CSV, XML, WORD.


status (keyword) The status of the report: RUNNING, ERROR 
or COMPLETE. 


Sample - Delete a single report 


Let us delete the report with the ID 6333.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/report/6333"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Report>
      <id>6333</id>
    </Report>
  </data>
</ServiceResponse>


Sample - Delete reports - criteria 


Let us delete reports matching one or both of these criteria: 1) reports with 
names that contain the string “to be deleted”, and 2) reports that are 
completed (having the status COMPLETED). 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/report" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">to be deleted</Criteria>
<Criteria field="status" operator="EQUALS">COMPLETE</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Report>
      <id>1542</id>
    </Report>
  </data>
</ServiceResponse>


XSD 
<platform API server>/qps/xsd/3.0/was/report.xsd 
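

The count, search and delete calls above all take the same <filters> body, and a delete request acts on whatever the filters match. The following is an added example, not Qualys code: it builds that body with an XML library so values are escaped, and checks each criterion against the fields and keyword values listed in the report parameter tables. The function name is constructed here, and the operator set is limited to the three that appear in this section's samples (the full operator list is not reproduced on this page).

```python
import re
import xml.etree.ElementTree as ET

# Filter fields and their types, from the report parameter tables above.
REPORT_FIELDS = {
    "id": "integer", "name": "text", "tags.id": "integer", "tags.name": "text",
    "creationDate": "date", "type": "keyword", "format": "keyword",
    "status": "keyword",
}
KEYWORDS = {
    "type": {"WAS_SCAN_REPORT", "WAS_WEBAPP_REPORT", "WAS_SCORECARD_REPORT",
             "WAS_CATALOG_REPORT", "DATALIST_REPORT"},
    "format": {"HTML_ZIPPED", "HTML_BASE64", "PDF", "PDF_ENCRYPTED",
               "POWERPOINT", "CSV", "CSV_V2", "XML", "WORD"},
    "status": {"RUNNING", "ERROR", "COMPLETE"},
}
# Assumption: only the operators used in this section's samples are allowed here.
OPERATORS = {"EQUALS", "IN", "CONTAINS"}
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$")


def build_filter_request(criteria):
    """Build a <ServiceRequest><filters> body from (field, operator, value) tuples.

    Raises ValueError on an unknown field, operator or keyword value, so a
    typo cannot silently widen what a delete-by-filter request matches.
    """
    root = ET.Element("ServiceRequest")
    filters = ET.SubElement(root, "filters")
    for field, operator, value in criteria:
        if field not in REPORT_FIELDS:
            raise ValueError(f"unknown filter field: {field!r}")
        if operator not in OPERATORS:
            raise ValueError(f"unsupported operator: {operator!r}")
        value = str(value)
        # IN takes a comma-separated list; every member is validated.
        values = [v.strip() for v in value.split(",")] if operator == "IN" else [value]
        kind = REPORT_FIELDS[field]
        for v in values:
            if kind == "integer" and not (v.isascii() and v.isdigit()):
                raise ValueError(f"{field} expects an integer, got {v!r}")
            if kind == "date" and not DATE_RE.match(v):
                raise ValueError(f"{field} expects YYYY-MM-DDTHH:MM:SSZ, got {v!r}")
            if kind == "keyword" and v not in KEYWORDS[field]:
                raise ValueError(f"{field} does not accept {v!r}")
            if kind == "text" and len(v) > 256:
                raise ValueError(f"{field} value is longer than 256 characters")
        node = ET.SubElement(filters, "Criteria", field=field, operator=operator)
        # Assigning .text lets the serializer escape <, > and & in the value.
        node.text = ", ".join(values) if operator == "IN" else value
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # The delete-by-criteria sample from this section.
    print(build_filter_request([
        ("name", "CONTAINS", "to be deleted"),
        ("status", "EQUALS", "COMPLETE"),
    ]))
```

Sending the same body to count/was/report first shows how many reports a delete with those filters would match.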


Report Creation 


Create Report 
/qps/rest/3.0/create/was/report


[POST] 


Using the Report Creation API you can create different types of report: Web 
Application Report, Scan Report, Scorecard Report, Catalog Report. 


Note: You can generate a report without the template ID or display and filter 
information. In such a case, we will use the default template based on the type 
of the report to generate the report. 


Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access” and “Create
Report”.


XSD 


<platform API server>/qps/xsd/3.0/was/report.xsd 


Web Application Report 
/qps/rest/3.0/create/was/report


[POST] 


Using the Report Creation API you can create the Web Application Report. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Create 
Report”. 


Note: Report creation may sometimes fail if the report is created for a large
number of web applications. To avoid such failures, report creation is now
categorized by the number of web applications included in the report. If the
number of web applications is less than or equal to 500, you can create the
report. If the number of web applications exceeds 500, the report cannot be
created and an error message is displayed.


The categorization is as follows:


Number of Web Applications Create Report (API)


Less than or equal to 500 Yes


More than 500 No


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 


Click here for available operators 


Parameter Description


name (text) Name of the report.

Note: Generating a report without template will allow you
to assign a name to the report. If you use template during
report generation, the name you provide in the request is
ignored and the template name is assigned to the report.


type (keyword) Type of the report, one of:
WAS_SCAN_REPORT, WAS_WEBAPP_REPORT,
WAS_SCORECARD_REPORT, WAS_CATALOG_REPORT


format (keyword) Report format, one of: WORD, HTML_ZIPPED,
HTML_BASE64, PDF, PDF_ENCRYPTED, CSV, CSV_V2,
XML, POWERPOINT


template.id (integer) The template ID. This element is assigned
by the system and is required for a certain type of request.


config*(1) The “config” element must have one and only one of
these child elements: webAppReport, scanReport,
catalogReport or scorecardReport. Refer to Reference:
Report for more details.


tags.id (integer) ID of the tag associated with the web
application.


tags.name (text) Name of the tag associated with the web
application.


password (text) The password for a PDF encrypted report.


distributionList* This element specifies the email addresses for
distribution of the report.

Example:

<distributionList>
  <count>2</count>
  <list>
    <EmailAddress><![CDATA[1@abc.com]]></EmailAddress>
    <EmailAddress><![CDATA[2@abc.com]]></EmailAddress>
  </list>
</distributionList>


Sample - Create web app report - minimum criteria 


Let us create a web application report in encrypted PDF format, setting both 
tags and web applications for the target. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<Report> 
<name><![CDATA[API Web Application Report]]></name> 
<description><![CDATA[PDF WebApp report]]></description> 
<format>PDF</format> 
<type>WAS_WEBAPP_REPORT</type> 
<config> 
<webAppReport> 
<target> 
<webapps> 
<WebApp><id>8223303</id></WebApp> 
</webapps> 
</target> 
</webAppReport> 
</config> 
</Report> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>1</count> 

<data> 
<Report> 


<id>1085046</id> 
</Report> 
</data> 
</ServiceResponse> 
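
The request and response handling from the sample above, as an added Python example that is not part of the Qualys guide: it builds the ServiceRequest body from the documented type and format values, enforces the 500 web application limit before anything is sent, and extracts the report ID from the ServiceResponse. The function names, the pairing of a password with PDF_ENCRYPTED only, the requirement that a web application report names a target, and the placement of the password element directly under Report are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# <type> value -> the one <config> child it requires (names from the guide).
CONFIG_CHILD = {"WAS_WEBAPP_REPORT": "webAppReport",
                "WAS_SCAN_REPORT": "scanReport"}
FORMATS = {"WORD", "HTML_ZIPPED", "HTML_BASE64", "PDF", "PDF_ENCRYPTED",
           "CSV", "CSV_V2", "XML", "POWERPOINT"}
MAX_WEBAPPS = 500  # the guide says report creation fails above this count

# First sample response from the guide.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd">
<responseCode>SUCCESS</responseCode><count>1</count>
<data><Report><id>1085046</id></Report></data>
</ServiceResponse>"""
# Constructed failure response for this example; the code value is illustrative.
FAILED_RESPONSE = (b"<ServiceResponse><responseCode>INVALID_REQUEST"
                   b"</responseCode></ServiceResponse>")


def _id_list(parent, wrapper, item, ids):
    """Append <wrapper><item><id>n</id></item>...</wrapper> under parent."""
    box = ET.SubElement(parent, wrapper)
    for value in ids:
        ET.SubElement(ET.SubElement(box, item), "id").text = str(value)


def build_report_request(report_type, name, fmt, *, webapp_ids=(), tag_ids=(),
                         tag_option="ALL", scan_ids=(), template_id=None,
                         password=None):
    """Return the <ServiceRequest> POST body (bytes) for create/was/report."""
    if report_type not in CONFIG_CHILD:
        raise ValueError(f"unsupported report type: {report_type!r}")
    if fmt not in FORMATS:
        raise ValueError(f"unsupported report format: {fmt!r}")
    if tag_option not in ("ALL", "ANY"):
        raise ValueError("tag_option must be ALL or ANY")
    # int() rejects anything that is not a plain numeric ID.
    webapp_ids = [int(i) for i in webapp_ids]
    tag_ids = [int(i) for i in tag_ids]
    scan_ids = [int(i) for i in scan_ids]
    if len(webapp_ids) > MAX_WEBAPPS:
        raise ValueError(f"{len(webapp_ids)} web applications exceeds {MAX_WEBAPPS}")
    if report_type == "WAS_SCAN_REPORT":
        if not scan_ids or webapp_ids or tag_ids:
            raise ValueError("a scan report targets scans and needs at least one")
    elif scan_ids or not (webapp_ids or tag_ids):
        # Assumption of this example: a web app report must name a target.
        raise ValueError("a web app report targets web applications and/or tags")
    # Assumption of this example: a password goes with PDF_ENCRYPTED only.
    if (fmt == "PDF_ENCRYPTED") != bool(password):
        raise ValueError("password is needed for, and only for, PDF_ENCRYPTED")

    root = ET.Element("ServiceRequest")
    report = ET.SubElement(ET.SubElement(root, "data"), "Report")
    # ElementTree escapes <, > and & in text, so a report name taken from
    # user input cannot close <name> early; no hand-built CDATA is needed.
    ET.SubElement(report, "name").text = name
    ET.SubElement(report, "format").text = fmt
    ET.SubElement(report, "type").text = report_type
    if password:
        ET.SubElement(report, "password").text = password  # assumed placement
    if template_id is not None:
        template = ET.SubElement(report, "template")
        ET.SubElement(template, "id").text = str(int(template_id))
    # Exactly one child under <config>, chosen by the report type.
    config = ET.SubElement(report, "config")
    target = ET.SubElement(ET.SubElement(config, CONFIG_CHILD[report_type]),
                           "target")
    if scan_ids:
        _id_list(target, "scans", "WasScan", scan_ids)
    if webapp_ids:
        _id_list(target, "webapps", "WebApp", webapp_ids)
    if tag_ids:
        included = ET.SubElement(ET.SubElement(target, "tags"), "included")
        ET.SubElement(included, "option").text = tag_option
        _id_list(included, "tagList", "Tag", tag_ids)
    return ET.tostring(root, encoding="utf-8")


def parse_report_id(body):
    """Return the new report ID from a <ServiceResponse>, or raise."""
    # The documented response has no DTD; refuse one rather than expand it.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("response carries a DTD; refusing to parse it")
    root = ET.fromstring(body)
    code = root.findtext("responseCode")
    if root.tag != "ServiceResponse" or code != "SUCCESS":
        raise RuntimeError(f"report creation failed: {code}")
    report_id = (root.findtext("data/Report/id") or "").strip()
    if not report_id.isdigit():
        raise RuntimeError("SUCCESS response without a numeric report ID")
    return int(report_id)


if __name__ == "__main__":
    body = build_report_request("WAS_WEBAPP_REPORT", "API Web Application Report",
                                "PDF", webapp_ids=[8223303])
    print(body.decode())
    print(parse_report_id(SAMPLE_RESPONSE))
```

The returned bytes can be piped to the curl command shown above in place of file.xml.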


Sample - Create a web application report - use tags as target 


Let us create a web application report using tags to add web applications as 
target for the report. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<Report> 
<name><![CDATA[Web App Report]]></name> 
<format>PDF</format> 
<type>WAS_WEBAPP_REPORT</type> 
<config> 
<webAppReport> 
<target> 
<tags> 
<included> 
<option>ALL</option> 
<tagList> 
<Tag> 
<id>12008216</id> 
</Tag> 
</tagList> 
</included> 
<excluded> 
<option>ANY</option> 
<tagList> 
<Tag> 
<id>12008219</id> 
</Tag> 
</tagList> 
</excluded> 
</tags> 
</target> 
</webAppReport> 
</config> 
</Report> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Report><id>981654</id> 
</Report> 
</data> 
</ServiceResponse> 


Sample - Create a web application report using report template 


Let’s generate a web application report in PDF format using a specific 
template (identified by its template ID). 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report/" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<Report> 
<name>Web_App_Report</name> 
<description><![CDATA[A web application report]]></description> 
<type>WAS_WEBAPP_REPORT</type> 
<format>PDF</format> 
<config> 
<webAppReport> 
<target> 
<tags> 
<included> 
<option>ALL</option> 
<tagList> 
<Tag> 
<id>12001856</id> 
</Tag> 
</tagList> 
</included> 
<excluded> 
<option>ANY</option> 
<tagList> 
<Tag> 
<id>12001856</id> 
</Tag> 
</tagList> 
</excluded> 
</tags> 
</target> 
</webAppReport> 
</config> 
<template> 
<id>876048</id> 
</template> 
</Report> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>1</count> 

<data> 

<Report> 


<id>973056</id> 
</Report> 
</data> 
</ServiceResponse> 


Sample - Create a web application report using CSV_V2 format 


Let’s generate a web application report in CSV_V2 format. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report/" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<Report> 
<name><![CDATA[Web Application Report for Servers ]]></name> 
<format>CSV_V2</format> 
<template> 
<id>46440</id> 
</template> 
<config> 
<webAppReport> 
<target> 
<webapps> 
<WebApp> 
<id>470281</id> 
</WebApp> 
</webapps> 
</target> 
</webAppReport> 
</config> 
</Report> 
</data> 
</ServiceRequest> 


XML response 

<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Report> 
<id>214158</id> 
</Report> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/report.xsd 


Scan Report 
/qps/rest/3.0/create/was/report 


[POST] 


Using the Report Creation API you can create the Scan Report. A scan report 
shows you the results of scans on a particular web application. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Create 
Report”. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. The element “target” 
is required and at least one “scans” child element is required. For details, refer 
to Reference: Report Creation. 


Click here for available operators 


Parameter Description 


target.scans (WasScan) The web applications to be scanned. 


filters.searchlists (SearchList) Number of search lists to report on 
vulnerabilities in those lists. If no search lists are selected, the report 
will include all findings. 


filters.url (text) Number of URLs of the web applications being scanned. 


filters.status (ScanFindingStatus) Select status of vulnerabilities to be 
included in this report: New, Active, Re-opened, Fixed, Protected. 


filters.remediation.showPatched (keyword) Specify the filter to include 
ignored or patched findings (vulnerabilities and sensitive content) in this 
report. Show patched filter: SHOW_ONLY, SHOW_NONE, SHOW_BOTH - default. 


filters.remediation.ignoredReasons (keyword) The reason to ignore a finding: 
FALSE_POSITIVE, RISK_ACCEPTED, NOT_APPLICABLE. 


display.contents (ScanAppReportContent) The report content: Description, 
Summary, Results, Individual Records, Details, AllResults, Appendix, 
Severity Levels. 


display.graphs (ScanAppReportGraph) The graphs to be included in the report: 
Vulnerabilities by severity, Vulnerabilities by status, Vulnerabilities by 
group, Sensitive contents by group, Vulnerabilities by OWASP, 
Vulnerabilities by WASC, Most vulnerable URLs. 


display.groups (ScanAppReportGroup) The group category to be included in the 
report: URL, OWASP, WASC, State, Category, QID, Group. 


display.options (rawLevels) 5 (Urgent), 4 (Critical), 3 (Serious), 2 
(Medium), 1 (Minimal) 


filters.remediation.showIgnored (boolean) Specify if you wish to include 
ignored or patched findings. 


format (keyword) Report format, one of: WORD, HTML_ZIPPED, HTML_BASE64, PDF, 
PDF_ENCRYPTED, CSV, CSV_V2, XML, POWERPOINT 


Sample - Create a scan report 


Let us create a scan report in HTML_ZIPPED format, selecting a single scan for 
the target. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<Report> 
<name><![CDATA[with all parameters HTML_ZIPPED]]></name> 
<description><![CDATA[A simple scan report]]></description> 
<format>HTML_ZIPPED</format> 
<type>WAS_SCAN_REPORT</type> 
<config> 
<scanReport> 
<target> 
<scans> 
<WasScan> 
<id>104268</id> 
</WasScan> 
</scans> 
</target> 
<display> 
<contents> 
<ScanReportContent>DESCRIPTION</ScanReportContent> 
<ScanReportContent>SUMMARY</ScanReportContent> 
<ScanReportContent>GRAPHS</ScanReportContent> 
<ScanReportContent>RESULTS</ScanReportContent> 
<ScanReportContent>INDIVIDUAL_RECORDS</ScanReportContent> 
<ScanReportContent>RECORD_DETAILS</ScanReportContent> 
<ScanReportContent>ALL_RESULTS</ScanReportContent> 
<ScanReportContent>APPENDIX</ScanReportContent> 
</contents> 
<graphs> 
<ScanReportGraph>VULNERABILITIES_BY_SEVERITY</ScanReportGraph> 
<ScanReportGraph>VULNERABILITIES_BY_GROUP</ScanReportGraph> 
<ScanReportGraph>VULNERABILITIES_BY_OWASP</ScanReportGraph> 
<ScanReportGraph>VULNERABILITIES_BY_WASC</ScanReportGraph> 
<ScanReportGraph>SENSITIVE_CONTENTS_BY_GROUP</ScanReportGraph> 
</graphs> 
<groups> 
<ScanReportGroup>URL</ScanReportGroup> 
<ScanReportGroup>GROUP</ScanReportGroup> 
<ScanReportGroup>OWASP</ScanReportGroup> 
<ScanReportGroup>WASC</ScanReportGroup> 
<ScanReportGroup>STATUS</ScanReportGroup> 
<ScanReportGroup>CATEGORY</ScanReportGroup> 
<ScanReportGroup>QID</ScanReportGroup> 
</groups> 
<options> 
<rawLevels>true</rawLevels> 
</options> 
</display> 
<filters> 
<searchlists> 
<SearchList> 
<id>43147</id> 
</SearchList> 
</searchlists> 
<url>http://www.mysite.com/help.html</url> 
<status> 
<ScanFindingStatus>NEW</ScanFindingStatus> 
<ScanFindingStatus>ACTIVE</ScanFindingStatus> 
<ScanFindingStatus>REOPENED</ScanFindingStatus> 
<ScanFindingStatus>FIXED</ScanFindingStatus> 
</status> 
</filters> 
</scanReport> 
</config> 
</Report> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Report> 
<id>3629</id> 
</Report> 
</data> 
</ServiceResponse> 


Sample - Create a scan report with remediation filter options 


Let us create a scan report with remediation filter options to include 
ignored findings. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<Report> 
<name><![CDATA[with all parameters HTML_ZIPPED]]></name> 
<description><![CDATA[A scan report with ignored findings]]></description> 
<format>HTML_ZIPPED</format> 
<type>WAS_SCAN_REPORT</type> 
<config> 
<scanReport> 
<target> 
<scans> 
<WasScan> 
<id>104268</id> 
</WasScan> 
</scans> 
</target> 
<display> 
<contents> 
<ScanReportContent>DESCRIPTION</ScanReportContent> 
<ScanReportContent>SUMMARY</ScanReportContent> 
<ScanReportContent>GRAPHS</ScanReportContent> 
<ScanReportContent>RESULTS</ScanReportContent> 
<ScanReportContent>INDIVIDUAL_RECORDS</ScanReportContent> 
<ScanReportContent>RECORD_DETAILS</ScanReportContent> 
<ScanReportContent>ALL_RESULTS</ScanReportContent> 
<ScanReportContent>APPENDIX</ScanReportContent> 
</contents> 
<graphs> 
<ScanReportGraph>VULNERABILITIES_BY_SEVERITY</ScanReportGraph> 
<ScanReportGraph>VULNERABILITIES_BY_GROUP</ScanReportGraph> 
<ScanReportGraph>VULNERABILITIES_BY_OWASP</ScanReportGraph> 
<ScanReportGraph>VULNERABILITIES_BY_WASC</ScanReportGraph> 
<ScanReportGraph>SENSITIVE_CONTENTS_BY_GROUP</ScanReportGraph> 
</graphs> 

<groups> 
<ScanReportGroup>URL</ScanReportGroup> 
<ScanReportGroup>GROUP</ScanReportGroup> 
<ScanReportGroup>OWASP</ScanReportGroup> 
<ScanReportGroup>WASC</ScanReportGroup> 
<ScanReportGroup>STATUS</ScanReportGroup> 
<ScanReportGroup>CATEGORY</ScanReportGroup> 
<ScanReportGroup>QID</ScanReportGroup> 
</groups> 
<options> 
<rawLevels>true</rawLevels> 
</options> 
</display> 
<filters> 
<searchlists> 
<SearchList> 
<id>43147</id> 
</SearchList> 
</searchlists> 
<url>http://www.mysite.com/help.html</url> 
<remediation> 
<showIgnored>SHOW_BOTH</showIgnored> 
<ignoredReasons> 
<IgnoredReason>FALSE_POSITIVE</IgnoredReason> 
<IgnoredReason>RISK_ACCEPTED</IgnoredReason> 
<IgnoredReason>NOT_APPLICABLE</IgnoredReason> 
</ignoredReasons> 
</remediation> 
</filters> 
</scanReport> 
</config> 
</Report> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Report> 
<id>202447</id> 
</Report> 
</data> 
</ServiceResponse> 


Sample - Create a scan report using report template 


Let’s generate a scan report in PDF format using a specific template 
(identified by its template ID). 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report/" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceRequest> 
<data> 
<Report> 
<name><![CDATA[Scan Report for Servers ]]></name> 
<format>PDF</format> 
<template> 
<id>876049</id> 
</template> 
<config> 
<scanReport> 
<target> 
<scans> 
<WasScan> 
<id>2252466</id> 
</WasScan> 
</scans> 
</target> 
</scanReport> 
</config> 
</Report> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Report> 
<id>972057</id> 
</Report> 
</data> 
</ServiceResponse> 


Sample - Create a scan report in CSV_V2 format 


Let’s generate a scan report in CSV_V2 format. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report/" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceRequest> 
<data> 
<Report> 
<name><![CDATA[Scan Report for Servers]]></name> 
<format>CSV_V2</format> 
<template> 
<id>46441</id> 
</template> 
<config> 
<scanReport> 
<target> 
<scans> 
<WasScan> 
<id>1667002</id> 
</WasScan> 
</scans> 
</target> 
</scanReport> 
</config> 
</Report> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Report> 
<id>214159</id> 
</Report> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/report.xsd 


Scorecard Report 

/qps/rest/3.0/create/was/report 

[POST] 

Using the Report Creation API you can create the Scorecard Report. A 
Scorecard Report ranks the vulnerability of your web applications. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Create 
Report”. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. For details, refer to 
Reference: Report Creation. 


Click here for available operators 


Parameter Description 


target.webapps (WebApp) The web applications to be scanned. 


target.tags.included.option (keyword: ALL or ANY) Decides which web 
applications should be included in the scan. 

ALL : Only the web applications associated with all the specified tags 
are included in the scan. 

ANY : Only the web applications associated with any of the specified 
tags are included in the scan. 


target.tags.included.tagList.Tag.id (integer) The web applications 
associated with the tag (identified by the specified tag ID) are included in 
the scan. 


filters.searchlists (SearchList) Number of search lists to report on 
vulnerabilities in those lists. If no search lists are selected, the report 
will include all findings. 


filters.scanDate (DatetimeRange) Filter by Scan date. 


filters.scanStatus (WasScanConsolidatedStatus) Filter by scan status. 


filters.scanAuthStatus (WasScanAuthStatus) Filter by authentication status 
of the scan. 


format (keyword) Report format, one of: WORD, HTML_ZIPPED, HTML_BASE64, PDF, 
PDF_ENCRYPTED, CSV, CSV_V2, XML, POWERPOINT 


display.contents (ScanAppReportContent) The report content: Description, 
Summary, Results, Individual Records, Details, AllResults, Appendix, 
Severity Levels. 


target.tags.excluded.option (Keyword) Value is ALL or ANY 


target.tags.excluded.option (keyword: ALL or ANY) Decides which web 
applications should be excluded from the scan. 

ALL : Only the web applications associated with all the specified tags 
are excluded from the scan. 

ANY : Only the web applications associated with any of the specified 
tags are excluded from the scan. 


target.tags.excluded.tagList.Tag.id (integer) The web applications 
associated with the tag (identified by the specified tag ID) are excluded 
from the scan. 


display.graphs (ScanAppReportGraph) The graphs to be included in the report: 
Vulnerabilities by severity, Vulnerabilities by status, Vulnerabilities by 
group, Sensitive contents by group, Vulnerabilities by OWASP, 
Vulnerabilities by WASC, Most vulnerable URLs. 


display.groups (ScanAppReportGroup) The group category to be included in the 
report: URL, OWASP, WASC, State, Category, QID, Group. 


display.options (rawLevels) 5 (Urgent), 4 (Critical), 3 (Serious), 2 
(Medium), 1 (Minimal) 


Sample - Create a scorecard report 


Let us create a scorecard report in PDF format, selecting a single tag for the 
target. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<Report> 
<name><![CDATA[with all parameters PDF with rawLevel false]]></name> 
<description><![CDATA[A simple scorecard report]]></description> 
<format>PDF</format> 
<type>WAS_SCORECARD_REPORT</type> 
<config> 
<scorecardReport> 
<target> 
<tags> 
<included> 
<option>ALL</option> 
<tagList> 
<Tag> 
<id>7821676</id> 
</Tag> 
</tagList> 
</included> 
</tags> 
</target> 
<display> 
<contents> 
<ScorecardReportContent>DESCRIPTION</ScorecardReportContent> 
<ScorecardReportContent>SUMMARY</ScorecardReportContent> 
<ScorecardReportContent>GRAPHS</ScorecardReportContent> 
<ScorecardReportContent>RESULTS</ScorecardReportContent> 
</contents> 
<graphs> 
<ScorecardReportGraph>VULNERABILITIES_BY_GROUP</ScorecardReportGraph> 
<ScorecardReportGraph>VULNERABILITIES_BY_OWASP</ScorecardReportGraph> 
<ScorecardReportGraph>VULNERABILITIES_BY_WASC</ScorecardReportGraph> 
</graphs> 
<groups> 
<ScorecardReportGroup>GROUP</ScorecardReportGroup> 
<ScorecardReportGroup>OWASP</ScorecardReportGroup> 
<ScorecardReportGroup>WASC</ScorecardReportGroup> 
</groups> 
<options> 
<rawLevels>false</rawLevels> 
</options> 
</display> 
<filters> 
<searchlists> 
<SearchList> 
<id>43147</id> 
</SearchList> 
<SearchList> 
<id>43147</id> 
</SearchList> 
</searchlists> 
<scanDate> 
<startDate>2017-08-28</startDate> 
<endDate>2017-10-28</endDate> 
</scanDate> 
<scanStatus>NO_HOST_ALIVE</scanStatus> 
<scanAuthStatus>NONE</scanAuthStatus> 
</filters> 
</scorecardReport> 
</config> 
</Report> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Report> 
<id>4629</id> 
</Report> 
</data> 
</ServiceResponse> 


Sample - Create a scorecard report using the report template 


Let’s generate a scorecard report in HTML format using a specific template 
(identified by its template ID). 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceRequest> 
<data> 
<Report> 
<name>Report_@8</name> 
<description><![CDATA[A scorecard report]]></description> 
<type>WAS_SCORECARD_REPORT</type> 
<format>HTML_ZIPPED</format> 
<template> 
<id>876051</id> 
</template> 
<config> 
<scorecardReport> 
<target> 
<tags> 
<included> 
<option>ALL</option> 
<tagList> 
<Tag> 
<id>119996292</id> 
</Tag> 
</tagList> 
</included> 
<excluded> 
<option>ANY</option> 
<tagList> 
<Tag> 
<id>11999629</id> 
</Tag> 
</tagList> 
</excluded> 
</tags> 
</target> 
</scorecardReport> 
</config> 
</Report> 
</data> 
</ServiceRequest> 


XML response 

<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Report> 
<id>973058</id> 
</Report> 
</data> 
</ServiceResponse> 


XSD 
<platform API server>/qps/xsd/3.0/was/report.xsd 


Catalog Report 
/qps/rest/3.0/create/was/report 


[POST] 


Using the Report Creation API you can create the Catalog Report. A Catalog 
Report shows you the number and status of entries in your web application 
catalog. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Create 
Report”. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. The element “target” 
is required and at least one “scans” child element is required. For details, refer 
to Reference: Report Creation. 


Click here for available operators 


Parameter Description 


filters.scanDate (DatetimeRange) Filter by scan date. 


filters.url (text) Filter by web app URL. 

filters.ip (text) Filter by IP address. 

filters.os (text) Filter by OS. 

filters.status (EntryStatus) Filter by status. 

format (keyword) Report format, one of: WORD, 
HTML_ZIPPED, HTML_BASE64, PDF, 
PDF_ENCRYPTED, CSV, CSV_V2, XML, POWERPOINT 


display.contents (ScanAppReportContent) The report content: 
Description, Summary, Results, Individual Records, 
Details, AllResults, Appendix, Severity Levels. 


display.graphs (ScanAppReportGraph) The graphs to be included in 
the report: Vulnerabilities by severity, Vulnerabilities by 
status, Vulnerabilities by group, Sensitive contents by 
group, Vulnerabilities by OWASP, Vulnerabilities by 
WASC, Most vulnerable URLs. 


display.groups (ScanAppReportGroup) The group category to be 
included in the report: URL, OWASP, WASC, State, 
Category, QID, Group. 


display.options (rawLevels) 5 (Urgent), 4 (Critical), 3 (Serious), 2 
(Medium), 1 (Minimal) 


Sample - Create a catalog report 


Let us create a catalog report in CSV format, selecting a single tag for the 
target. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<Report> 
<name><![CDATA[with all parameters CSV]]></name> 
<description><![CDATA[A simple Catalog report]]></description> 
<type>WAS_CATALOG_REPORT</type> 
<format>CSV</format> 
<config> 
<catalogReport> 
<display> 
<contents> 
<CatalogReportContent>DESCRIPTION</CatalogReportContent> 
<CatalogReportContent>SUMMARY</CatalogReportContent> 
<CatalogReportContent>GRAPHS</CatalogReportContent> 
<CatalogReportContent>RESULTS</CatalogReportContent> 
<CatalogReportContent>INDIVIDUAL_RECORDS</CatalogReportContent> 
</contents> 
<graphs> 
<CatalogReportGraph>ENTRIES_ADDED_OVER_TIME</CatalogReportGraph> 
<CatalogReportGraph>ENTRIES_BY_STATUS</CatalogReportGraph> 
</graphs> 
<groups> 
<CatalogReportGroup>STATUS</CatalogReportGroup> 
<CatalogReportGroup>OPERATING_SYSTEM</CatalogReportGroup> 
</groups> 
</display> 
<filters> 
<status> 
<EntryStatus>NEW</EntryStatus> 
<EntryStatus>SUBSCRIPTION</EntryStatus> 
<EntryStatus>ROGUE</EntryStatus> 
<EntryStatus>APPROVED</EntryStatus> 
<EntryStatus>REJECTED</EntryStatus> 
</status> 
<scanDate> 
<startDate>2017-06-29</startDate> 
<endDate>2017-06-29</endDate> 
</scanDate> 
<url><![CDATA[mysite.fr]]></url> 
<os><![CDATA[unix]]></os> 
</filters> 
</catalogReport> 
</config> 
</Report> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Report> 
<id>5629</id> 
</Report> 
</data> 
</ServiceResponse> 


Sample - Create a catalog report using report template 


Let’s generate a catalog report in PDF format using a specific template 
(identified by its template ID). 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/report" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceRequest> 
<data> 
<Report> 
<name><![CDATA[Catalog Report for Servers]]></name> 
<description><![CDATA[A simple catalog report]]></description> 
<format>PDF</format> 
<template> 
<id>876050</id> 
</template> 
</Report> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/report.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Report> 
<id>973058</id> 
</Report> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/report.xsd 


Report Template Count 
/qps/rest/3.0/count/was/reporttemplate 


[POST] 


Returns the total number of report templates in the user’s scope. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. See Reference: 
Report Creation for details. 


Click here for available operators 


Parameter Description 


id (integer) The report ID. This element is assigned by the 
service and is required for a certain type of request 
(details, status, update, delete, send or download). 


name (text) A report name (maximum 256 characters). 
Applies to all reports. 


type (keyword) The report type, one of: 
WAS_SCAN_REPORT, WAS_WEBAPP_REPORT, 
WAS_SCORECARD_REPORT, 
WAS_CATALOG_REPORT, DATALIST_REPORT. 


Sample - Count the report templates 


You can search for templates by using different filters for template ID, 
template name or type of report. Let’s consider an example of searching 
report template using filter for template ID. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/reporttemplate" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="id" operator="EQUALS">1234</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/reporttemplate.xsd"> 

<responseCode>SUCCESS</responseCode> 

<count>6</count> 

</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/report.xsd 


Search Report Template 
/qps/rest/3.0/search/was/reporttemplate 


[POST] 


You can search for existing report templates. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. The element “target” 
is required and at least one “scans” child element is required. See Reference: 
Report Creation for details. 


Click here for available operators 


Parameter Description 


id (integer) The report ID. This element is assigned by the 
service and is required for a certain type of request 
(details, status, update, delete, send or download). 


name (text) A report name (maximum 256 characters). 
Applies to all reports. 


type (keyword) The report type, one of: 
WAS_SCAN_REPORT, WAS_WEBAPP_REPORT, 
WAS_SCORECARD_REPORT, 
WAS_CATALOG_REPORT, DATALIST_REPORT. 


Sample - Search report templates 


You can search for templates by using different filters for template ID, 
template name or type of report. Let’s consider an example of searching 
report template using filter for template ID. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/reporttemplate" < file.xml 

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="id" operator="EQUALS">876048</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/reporttemplate.xsd"> 
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<ReportTemplate> 
<id>876048</id> 
<name><![CDATA[Web Application Report]]></name> 
<description> 
<![CDATA[Each targeted web application is listed with the total number of detected vulnerabilities and sensitive content.]]> 
</description> 
<owner> 
<id>23220145</id> 
<username>username</username> 
<firstName><![CDATA[John]]></firstName> 
<lastName><![CDATA[Smith]]></lastName> 
</owner> 
<type>WAS_WEBAPP_REPORT</type> 
<creationDate>2017-04-11T09:29:23Z</creationDate> 
<tags> 
<count>0</count> 
</tags> 
<config> 
<webAppReportTemplate> 
<display> 

<contents> 
<WebAppReportContent>DESCRIPTION</WebAppReportContent> 
<WebAppReportContent>SUMMARY</WebAppReportContent> 
<WebAppReportContent>GRAPHS</WebAppReportContent> 
<WebAppReportContent>RESULTS</WebAppReportContent> 
<WebAppReportContent>INDIVIDUAL_RECORDS</WebAppReportContent> 
<WebAppReportContent>RECORD_DETAILS</WebAppReportContent> 
<WebAppReportContent>APPENDIX</WebAppReportContent> 

</contents> 

<graphs> 
<WebAppReportGraph>VULNERABILITIES_BY_SEVERITY</WebAppReportGraph> 
<WebAppReportGraph>VULNERABILITIES_BY_STATUS</WebAppReportGraph> 
<WebAppReportGraph>VULNERABILITIES_BY_GROUP</WebAppReportGraph> 
<WebAppReportGraph>VULNERABILITIES_BY_OWASP</WebAppReportGraph> 
</graphs> 
<groups> 
<WebAppReportGroup>WEBAPP</WebAppReportGroup> 
<WebAppReportGroup>CATEGORY</WebAppReportGroup> 
<WebAppReportGroup>GROUP</WebAppReportGroup> 
<WebAppReportGroup>QID</WebAppReportGroup> 
</groups> 
<options> 
<rawLevels>true</rawLevels> 
</options> 
</display> 
<filters> 
<includedSearchLists/> 
<excludedSearchLists/> 
<url><![CDATA[null]]></url> 
<status> 
<WebAppFindingStatus>NEW</WebAppFindingStatus>
<WebAppFindingStatus>ACTIVE</WebAppFindingStatus>
<WebAppFindingStatus>REOPENED</WebAppFindingStatus>
</status> 
<remediation> 
<showPatched>SHOW_BOTH</showPatched> 


<showIgnored>SHOW_NONE</showIgnored> 

<ignoredReasons> 
<IgnoredReason>NOT_APPLICABLE</IgnoredReason> 
<IgnoredReason>FALSE_POSITIVE</IgnoredReason> 

<IgnoredReason>RISK_ACCEPTED</IgnoredReason>

</ignoredReasons> 

</remediation> 
</filters> 
</webAppReportTemplate> 
</config> 
</ReportTemplate> 
</data> 

</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/report.xsd 


Get details of Report Template 
/qps/rest/3.0/get/was/reporttemplate/<id>


[GET] 


View details for a report template which is in the user’s scope. See “Search 
Report Template” to find a record ID to use as input. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. 


Input Parameters 
The element “id” (integer) is required, where “id” identifies the report. 




Sample - Get details of the report template 


Let us get details of a report template. 


API request 


curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/reporttemplate/876048"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/reporttemplate.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<ReportTemplate> 
<id>876048</id> 
<name><![CDATA[Web Application Report]]></name>
<description>
<![CDATA[Each targeted web application is listed with
the total number of detected vulnerabilities and sensitive content.]]>
</description> 
<owner> 
<id>23220145</id> 
<username>john_doe</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<type>WAS_WEBAPP_REPORT</type>
<creationDate>2017-04-11T09:29:23Z</creationDate>
<tags>
<count>0</count>
</tags> 
<config> 
<webAppReportTemplate> 
<display> 
<contents> 
<WebAppReportContent>DESCRIPTION</WebAppReportContent> 
<WebAppReportContent>SUMMARY</WebAppReportContent>
<WebAppReportContent>GRAPHS</WebAppReportContent>
<WebAppReportContent>RESULTS</WebAppReportContent>
<WebAppReportContent>INDIVIDUAL_RECORDS</WebAppReportContent>
<WebAppReportContent>RECORD_DETAILS</WebAppReportContent>
<WebAppReportContent>APPENDIX</WebAppReportContent>
</contents>
<graphs>
<WebAppReportGraph>VULNERABILITIES_BY_SEVERITY</WebAppReportGraph>
<WebAppReportGraph>VULNERABILITIES_BY_STATUS</WebAppReportGraph>
<WebAppReportGraph>VULNERABILITIES_BY_GROUP</WebAppReportGraph>
<WebAppReportGraph>VULNERABILITIES_BY_OWASP</WebAppReportGraph>
</graphs>
<groups>
<WebAppReportGroup>WEBAPP</WebAppReportGroup>
<WebAppReportGroup>CATEGORY</WebAppReportGroup>
<WebAppReportGroup>GROUP</WebAppReportGroup>
<WebAppReportGroup>QID</WebAppReportGroup>
</groups> 
<options> 
<rawLevels>true</rawLevels> 
</options> 
</display> 
<filters> 
<includedSearchLists/> 
<excludedSearchLists/> 
<url><![CDATA[null]]></url> 
<status> 
<WebAppFindingStatus>NEW</WebAppFindingStatus>
<WebAppFindingStatus>ACTIVE</WebAppFindingStatus>
<WebAppFindingStatus>REOPENED</WebAppFindingStatus>
</status>
<remediation>
<showPatched>SHOW_BOTH</showPatched>
<showIgnored>SHOW_NONE</showIgnored>
<ignoredReasons>
<IgnoredReason>NOT_APPLICABLE</IgnoredReason>
<IgnoredReason>FALSE_POSITIVE</IgnoredReason>
<IgnoredReason>RISK_ACCEPTED</IgnoredReason>

</ignoredReasons> 
</remediation> 
</filters> 
</webAppReportTemplate> 
</config> 
</ReportTemplate> 
</data> 
</ServiceResponse> 


XSD 
<platform API server>/qps/xsd/3.0/was/report.xsd 


Reference: Report 


The <Report> element includes sub elements used to define a web application 
report. A reference of these elements is provided below. An asterisk * 
indicates a complex element. 


Parameter Description


id (integer) The report ID. This element is assigned by the
service and is required for a certain type of request
(details, status, update, delete, send or download).


name (text) A report name (maximum 256 characters).
Applies to all reports.

Note: Generating a report without template will allow
you to assign a name to the report. If you use template
during report generation, the name you provide in the
request is ignored and the template name is assigned
to the report.


description (text) A description of the report.


owner* This element is assigned by the service and may be
specified for an update request only.

Example:
<owner>
<id>123056</id>
<username>username</username>
<firstName><![CDATA[Johns]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</owner>


type (text) The report type, one of: WAS_SCAN_REPORT,
WAS_WEBAPP_REPORT,
WAS_SCORECARD_REPORT,
WAS_CATALOG_REPORT, DATALIST_REPORT


format (text) The format of the report, one of: HTML_ZIPPED,
HTML_BASE64, PDF, PDF_ENCRYPTED,
POWERPOINT, CSV, CSV_V2, XML, WORD


tags* This element identifies the tags associated with the
report.

Example:
<tags>
<count>2</count>
<list>
<Tag>
<id>99509</id>
<name><![CDATA[Tag 1]]></name>
</Tag>
<Tag>
<id>99511</id>
<name><![CDATA[Tag 2]]></name>
</Tag>
</list>
</tags>


password (text) The password for a PDF encrypted report.


distributionList* This element specifies the email addresses for
distribution of the report.

Example:
<distributionList>
<count>2</count>
<list>
<EmailAddress><![CDATA[1@abc.com]]></EmailAddress>
<EmailAddress><![CDATA[2@abc.com]]></EmailAddress>
</list>
</distributionList>


config* The configuration options for report creation.

Example:
<config>
<webAppReport>
<target>
<tags>
<Tag>
<id>102609</id>
</Tag>
</tags>
<webapps>
<WebApp>
<id>324538</id>
</WebApp>
</webapps>
</target>


status (keyword) The status of the report: RUNNING, ERROR
or COMPLETE


creationDate (date) The date when the report was created in UTC
date/time format (YYYY-MM-DDTHH:MM:SSZ).


lastDownloadDate (date) The date when the report was last downloaded
in UTC date/time format (YYYY-MM-DDTHH:MM:SSZ).


downloadCount (integer) The number of times the report has been
downloaded.


Reference: Report Creation 


The Report “config” element includes sub elements used to define a web 
application report type. A reference of these elements is provided below. An 
asterisk * indicates a complex element. 


Parameter Description


id (integer) The report ID. This element is assigned by
the service and is required for a certain type of
request (details, status, update, delete, send or
download).


name (text) A report name (maximum 256 characters).
Applies to all reports.

Note: Generating a report without template will allow
you to assign a name to the report. If you use
template during report generation, the name you
provide in the request is ignored and the template
name is assigned to the report.


target* A report target. Applies to all reports.
Example for a web application report:

<tags>
<included>
<option>ALL</option>
<tagList>
<set>
<Tag><id>12017424</id></Tag>
<Tag><id>12017228</id></Tag>
</set>
</tagList>
</included>
<excluded>
<option>ANY</option>
<tagList>
<set>
<Tag><id>12017228</id></Tag>
</set>
</tagList>
</excluded>
</tags>


template.id (integer) The template ID. This element is assigned by
the system and is required for a certain type of request.

Example:
<template>
<id>876048</id>
</template>


type (text) The report type, one of: WAS_SCAN_REPORT,
WAS_WEBAPP_REPORT,
WAS_SCORECARD_REPORT,
WAS_CATALOG_REPORT, DATALIST_REPORT


password (text) A password for an encrypted PDF report. Applies to all
reports.


distributionList* Email addresses for a report distribution list. Applies
to all reports.

Example:
<distributionList>
<set>
<EmailAddress><EMAIL_ADDRESS1></EmailAddress>
<EmailAddress><EMAIL_ADDRESS2></EmailAddress>
</set>
</distributionList>


display.contents* Identifies the report content to display.

Values: DESCRIPTION, SUMMARY, GRAPHS,
RESULTS, INDIVIDUAL_RECORDS (all reports)

Values: RECORD_DETAILS, ALL_RESULTS,
APPENDIX (Web Application Report and Scan
Report)

Example for a Scan Report:
<display>
<contents>
<ScanReportContent>GRAPHS</ScanReportContent>
<ScanReportContent>RESULTS</ScanReportContent>
</contents>
</display>


display.graphs* Identifies the graphs to display. Applies to all reports.

Example for a Scan Report:
<display>
<graphs>
<ScanReportGraph>MOST_VULNERABLE_URLS</ScanReportGraph>
<ScanReportGraph>VULNERABILITIES_BY_SEVERITY</ScanReportGraph>
<ScanReportGraph>VULNERABILITIES_BY_GROUP</ScanReportGraph>
<ScanReportGraph>VULNERABILITIES_BY_OWASP</ScanReportGraph>
<ScanReportGraph>VULNERABILITIES_BY_WASC</ScanReportGraph>
<ScanReportGraph>SENSITIVE_CONTENTS_BY_GROUP</ScanReportGraph>
</graphs>
</display>


display.groups* Identifies the vulnerability groups to display. Applies
to all reports.

Example for a Web Application Report or Scan
Report:
<display>
<groups>
<WebAppReportGroup>GROUP</WebAppReportGroup>
<WebAppReportGroup>OWASP</WebAppReportGroup>
<WebAppReportGroup>WASC</WebAppReportGroup>
</groups>
</display>


display.options* Specifies whether to display severity using levels (1
through 5) or using ratings (low, medium, high).
Applies to all reports.


filters.searchlists* Identifies search list filters. Applies to a Web
Application Report, Scan Report or Scorecard Report.

Example:
<filters>
<SearchLists>
<SearchList>
<id>43147</id>
</SearchList>
</SearchLists>
</filters>


filters.url (text) Identifies URL filters. Applies to a Web Application
Report, Scan Report or Catalog Report.

Example:
<filters>
<url>http://www.mysite.com/help.html</url>
</filters>


filters.status* Identifies status filters. Applies to Web Application
Report, Scan Report and Catalog Report.

Values for Web Application Report and Scan Report:
NEW, ACTIVE, REOPENED, FIXED

Values for Catalog Report: NEW, ROGUE,
APPROVED, REJECTED, SUBSCRIPTION


filters.showPatched (keyword) Identifies whether to include/not include findings with
virtual patches. Applies to Web Application Report
and Scan Report.

Values:
SHOW_ONLY - show patched findings only
SHOW_BOTH - show patched & unpatched findings
(default)
SHOW_NONE - show unpatched findings only


filters.remediation.showIgnored (boolean) Include ignored findings: true or false


filters.remediation.ignoredReasons (keyword) Identifies the types of findings to be included in the
report. Applies to Scan Report.

Values:
FALSE_POSITIVE - include false positive findings in
the report
RISK_ACCEPTED - include risk accepted findings in
the report
NOT_APPLICABLE - include findings marked as not
applicable in the report


filters.scanDate* Applies to a Scorecard Report and Catalog Report.

Example:
<filters>
<scanDate>
<startDate>2017-08-28</startDate>
<endDate>2017-10-28</endDate>
</scanDate>
</filters>


filters.scanStatus* Applies to a Scorecard Report. Tip - Specify
SERVICE_ERROR to include scans with the status
Service Errors Detected.

Example:
<filters>
<scanStatus>FINISHED</scanStatus>
</filters>


filters.scanAuthStatus* Applies to a Scorecard Report

Example:
<filters>
<scanAuthStatus>SUCCESSFUL</scanAuthStatus>
</filters>


filters.ip (text) Applies to a Catalog Report

Example:
<filters>
<ip><![CDATA[10.56.64.245]]></ip>
</filters>


filters.os (text) Applies to a Catalog Report

Example:
<filters>
<os><![CDATA[unix]]></os>
</filters>


Findings 


Finding Count 
/qps/rest/3.0/count/was/finding


[POST] 


Returns the total number of findings on web application(s) in the user’s scope. 
Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The count 
includes web applications in the user's scope. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 




Parameter Description


id (integer) ID of the finding (WebAppVuln,
WebAppIg, or WebAppSensitiveContent).


uniqueId (value) The 36-bit unique id assigned to the finding.
For example:

<Finding>
<id>132990</id>
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
<qid>150004</qid>


qid (integer) Qualys ID assigned to the detection.


name (text) Name of the detection finding.


type (keyword) Type of the finding: VULNERABILITY,
SENSITIVE_CONTENT, or
INFORMATION_GATHERED.


url (text) URL of the web application on which the
finding was detected.


webApp.tags.id (date) ID of the tag associated with the web
application on which the finding was detected.


webApp.tags.name (text) Name of the tag associated with the web
application on which the finding was detected.


status (keyword) Status of the finding: NEW, ACTIVE,
REOPENED, PROTECTED and FIXED.


patch (integer-long) Use WAF to protect against
vulnerabilities by installing virtual patches.


webApp.id (integer) ID of the web application on which the
finding was detected.


webApp.name (text) Name of the web application on which the
finding was detected.


severity (integer) Severity of the finding.


externalRef (string) Tip - Use operator IS EMPTY for findings
with empty external references.


ignoredDate (date) The date on which the finding was marked to
ignore.


ignoredReason (keyword) The reason for which the finding is
ignored: FALSE_POSITIVE, RISK_ACCEPTED or
NOT_APPLICABLE


group (keyword) XSS, SQL, INFO, PATH, CC, SSN_US or
CUSTOM


owasp.name (text) Name of the OWASP vulnerability.


owasp.code (integer) Code associated with the OWASP
vulnerability


wasc.name (text) Name of the vulnerability.
wasc.code (integer) Code of the vulnerability.
cwe.id (integer) ID associated with CWE.


firstDetectedDate (date) The date when the finding was first detected
in the web application.


lastDetectedDate (date) The date when the finding was last detected
in the web application.


lastTestedDate (date) The date when the finding was last tested in
the web application.


timesDetected (integer) The count indicating the number of times
the finding was detected.


severity level (integer) The severity associated with the
finding: 1, 2, 3, 4, 5


Sample - Get count of all findings 


Return the number (count) of all findings in the user’s scope. 


API request 


curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/count/was/finding/"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>2815</count> 
</ServiceResponse> 


Sample - Get count of findings with a criteria 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/finding/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 

<filters> 
<Criteria field="type" operator="EQUALS">VULNERABILITY</Criteria>
<Criteria field="severity" operator="EQUALS">5</Criteria>
<Criteria field="status" operator="IN">NEW, ACTIVE, REOPENED</Criteria>
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>41</count> 
</ServiceResponse> 


Sample - Get details of finding 


If you search for a finding using unique ID (uniqueId), the count will always be
one.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/finding/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="uniqueId" operator="EQUALS">8a2c4d51-6d28-2b92-e053-2943720a74ab</Criteria>
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">

<responseCode>SUCCESS</responseCode> 

<count>1</count> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/finding.xsd 


Search Findings 

/qps/rest/3.0/search/was/finding

[POST] 

Returns list of findings (vulnerabilities, sensitive contents, information 
gathered) found in web applications which are in the user’s scope. 
Permissions required - User must have WAS module enabled. User account 


must have these permissions: Access Permission “API Access”. The output 
includes findings in the user's scope. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 




Parameter Description 


id (integer) ID of the finding (WebAppVuln,
WebAppIg, or WebAppSensitiveContent).


uniqueId (value) The 36-bit unique id assigned to the finding.
For example:

<Finding>
<id>132990</id>
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
<qid>150004</qid>


qid (integer) Qualys ID assigned to the detection.


name (text) Name of the detection finding.


type (keyword) Type of the finding: VULNERABILITY,
SENSITIVE_CONTENT, or
INFORMATION_GATHERED.


url (text) URL of the web application on which the
finding was detected.


webApp.tags.id (date) ID of the tag associated with the web
application on which the finding was detected.


webApp.tags.name (text) Name of the tag associated with the web
application on which the finding was detected.


status (keyword) Status of the finding: NEW, ACTIVE,
REOPENED, PROTECTED, and FIXED.


patch (integer-long) Use WAF to protect against
vulnerabilities by installing virtual patches.


webApp.id (integer) ID of the web application on which the
finding was detected.


webApp.name (text) Name of the web application on which the
finding was detected.


severity (integer) Severity of the finding.


externalRef (string) Tip - Use operator IS EMPTY for findings
with empty external references.


ignoredDate (date) The date on which the finding was marked to
ignore.


ignoredReason (keyword) The reason for which the finding is
ignored: FALSE_POSITIVE, RISK_ACCEPTED or
NOT_APPLICABLE


group (keyword) XSS, SQL, INFO, PATH, CC, SSN_US or
CUSTOM


owasp.name (text) Name of the OWASP vulnerability.


owasp.code (integer) Code associated with the OWASP
vulnerability


wasc.name (text) Name of the vulnerability.
wasc.code (integer) Code of the vulnerability.
cwe.id (integer) ID associated with CWE.


firstDetectedDate (date) The date when the finding was first detected
in the web application.


lastDetectedDate (date) The date when the finding was last detected
in the web application.


lastTestedDate (date) The date when the finding was last tested in
the web application.


timesDetected (integer) The count indicating the number of times
the finding was detected.


severity level (integer) The severity associated with the
finding: 1, 2, 3, 4, 5


Sample - Search for finding with specific ID 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/finding/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<preferences> 
<verbose>true</verbose> 


</preferences> 
<filters> 
<Criteria field="id" operator="EQUALS">156582</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<hasMoreRecords>false</hasMoreRecords> 
<data> 
<Finding> 
<id>156582</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId> 
<qid>150124</qid> 
<name> 
<![CDATA[Clickjacking - Framable Page]]>
</name>
<type>VULNERABILITY</type>
<findingType>QUALYS</findingType>
<cwe>
<count>1</count>
<list>
<long>451</long>
</list>
</cwe>
<owasp>
<count>1</count>
<list>
<OWASP>
<name>
<![CDATA[Security Misconfiguration]]>
</name>
<url>
<![CDATA[https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration]]>
</url>
<code>6</code>
</OWASP>
</list>
</owasp>
<wasc>
<count>1</count>
<list>
<WASC>
<name>
<![CDATA[Application Misconfiguration]]>
</name>
<url>
<![CDATA[http://projects.webappsec.org/w/page/13246914/WASC]]>
</url>
<code>15</code>
</WASC>
</list>
</wasc> 
<resultList> 
<count>1</count> 
<list> 
<Result> 
<authentication>false</authentication> 
<ajax>false</ajax> 
<payloads> 
<count>1</count> 
<list> 
<PayloadInstance> 
<payload> 
<![CDATA[N/A]]> 
</payload> 
<request> 
<method> 
<![CDATA[GET]]>
</method>
<link>
<![CDATA[http://funkytown.vuln.qa.qualys.com/cassium/xss/]]>
</link>
<headers>
<![CDATA[]]>
</headers>
</request>
<response>
<![CDATA[The URI was framed.]]>
</response>
</PayloadInstance>
</list>


</payloads> 
</Result> 
</list> 
</resultList> 
<severity>3</severity> 
<url> 
<![CDATA[http://funkytown.vuln.qa.qualys.com/cassium/xss/]]>
</url>
<status>ACTIVE</status>
<firstDetectedDate>2017-04-28T09:36:13Z</firstDetectedDate>
<lastDetectedDate>2018-02-21T09:03:32Z</lastDetectedDate>
<lastTestedDate>2018-02-21T09:03:32Z</lastTestedDate>
<timesDetected>3</timesDetected> 
<webApp> 
<id>286824</id> 
<name> 
<![CDATA[webapp]]>
</name>
<url>
<![CDATA[http://funkytown.vuln.qa.qualys.com:80/cassium/xss/]]>
</url>
<tags>
<count>2</count>
<list>
<Tag> 
<id>8753812</id> 
<name> 
<![CDATA[Multiscan]]> 
</name> 
</Tag> 
<Tag> 
<id>9029017</id> 
<name> 
<![CDATA[TagWebapp1]]>
</name>
</Tag>
</list>
</tags> 
</webApp> 
<isIgnored>true</isIgnored> 
<ignoredReason>FALSE_POSITIVE</ignoredReason>
<ignoredBy>
<id>1056860</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</ignoredBy>
<ignoredDate>2019-03-04T03:19:29Z</ignoredDate>
<ignoredComment>
<![CDATA[This is test comment]]>
</ignoredComment> 
<retest/> 
</Finding> 
</data> 
</ServiceResponse> 


Sample - Search with criteria: condensed response 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/finding/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="id" operator="EQUALS">935943</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">

<responseCode>SUCCESS</responseCode> 

<count>1</count> 

<hasMoreRecords>false</hasMoreRecords> 

<data> 


<Finding> 
<id>935943</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
<qid>150117</qid>
<name>
<![CDATA[Path-Based Cross-Site Scripting (XSS)]]>
</name>
<type>VULNERABILITY</type>
<findingType>QUALYS</findingType>
<severity>5</severity>
<url>
<![CDATA[http://funkytown.vuln.qa.example.com/cassium/traversal/page_48/%22%3e%3cimg%20src%3dq%20onerror%3dalert(9)%3e]]>
</url>
<status>ACTIVE</status>
<firstDetectedDate>2017-04-04T06:15:33Z</firstDetectedDate>
<lastDetectedDate>2017-04-04T06:16:20Z</lastDetectedDate> 
<lastTestedDate>2017-04-04T06:16:20Z</lastTestedDate> 
<timesDetected>3</timesDetected> 
<webApp> 
<id>4080112</id> 
<name> 
<![CDATA[web app 1491286489688]]>
</name>
<url>
<![CDATA[http://funkytown.vuln.qa.example.com:80/cassium/xss/]]>
</url> 
</webApp> 
<isIgnored>true</isIgnored> 
</Finding> 
</data> 
</ServiceResponse> 




Sample - Search finding using uniqueId


Because every uniqueId is unique, you can use it to search for the exact
finding.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/search/was/finding/" < file.xml


Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="uniqueId" operator="EQUALS">8a2c4d51-6d28-2b92-e053-2943720a74ab</Criteria>
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">

<responseCode>SUCCESS</responseCode> 


<count>1</count> 

<hasMoreRecords>false</hasMoreRecords> 

<data> 

<Finding> 

<id>132990</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
<qid>150004</qid>
<name>
<![CDATA[Path-Based Vulnerability]]>
</name>
<type>VULNERABILITY</type>
<findingType>QUALYS</findingType>
<cwe>
<count>1</count>
<list>
<long>22</long>
</list>
</cwe> 
</webApp> 
<isIgnored>false</isIgnored> 
<retest/> 
</Finding> 
</data> 
</ServiceResponse> 
XSD 


<platform API server>/qps/xsd/3.0/was/finding.xsd 
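The request and response formats shown in the Search Findings samples, as an added example (not Qualys code): Python that builds the ServiceRequest POST data from filter criteria, parses a ServiceResponse, and lists ignored findings at or above a severity threshold so they can be re-reviewed. The function names, the threshold of 4 and the sample response (constructed from fields shown in the samples above) are assumptions.

```python
import xml.etree.ElementTree as ET

# Operators used in the request samples on this page; the example rejects
# anything else rather than guessing at other operator spellings.
SAMPLE_OPERATORS = {"EQUALS", "IN"}


def build_service_request(criteria, verbose=False):
    """Build ServiceRequest POST data from (field, operator, value) tuples."""
    root = ET.Element("ServiceRequest")
    if verbose:
        prefs = ET.SubElement(root, "preferences")
        ET.SubElement(prefs, "verbose").text = "true"
    filters = ET.SubElement(root, "filters")
    for field, operator, value in criteria:
        if operator not in SAMPLE_OPERATORS:
            raise ValueError(f"operator not handled by this example: {operator}")
        if isinstance(value, (list, tuple)):
            value = ", ".join(str(v) for v in value)  # e.g. NEW, ACTIVE, REOPENED
        crit = ET.SubElement(filters, "Criteria", field=field, operator=operator)
        crit.text = str(value)  # ElementTree escapes <, > and & on output
    return ET.tostring(root, encoding="utf-8")


def _text(node, path):
    """Text of a child element with CDATA padding stripped, or None if absent."""
    found = node.find(path)
    if found is None or found.text is None:
        return None
    return found.text.strip()


def _int(node, path):
    value = _text(node, path)
    return int(value) if value is not None else None


def parse_findings(xml_bytes):
    """Parse a search/was/finding ServiceResponse into plain dicts."""
    root = ET.fromstring(xml_bytes)
    code = _text(root, "responseCode")
    if code != "SUCCESS":
        raise RuntimeError(f"API responseCode was {code!r}")
    findings = []
    for node in root.iterfind("data/Finding"):
        findings.append({
            "id": _int(node, "id"),
            "uniqueId": _text(node, "uniqueId"),
            "qid": _int(node, "qid"),
            "name": _text(node, "name"),
            "type": _text(node, "type"),
            "severity": _int(node, "severity"),
            "status": _text(node, "status"),
            "cwe": [int(n.text) for n in node.iterfind("cwe/list/long")],
            "isIgnored": _text(node, "isIgnored") == "true",
            "ignoredReason": _text(node, "ignoredReason"),
        })
    return {
        "count": _int(root, "count"),
        "hasMoreRecords": _text(root, "hasMoreRecords") == "true",
        "findings": findings,
    }


def ignored_needing_review(findings, min_severity=4):
    """Ignored findings whose severity is at or above min_severity (assumed cut-off)."""
    return [f for f in findings
            if f["isIgnored"] and f["severity"] is not None
            and f["severity"] >= min_severity]


# Constructed sample response, modelled on the condensed and verbose samples above.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <responseCode>SUCCESS</responseCode>
  <count>2</count>
  <hasMoreRecords>false</hasMoreRecords>
  <data>
    <Finding>
      <id>935943</id>
      <uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
      <qid>150117</qid>
      <name><![CDATA[Path-Based Cross-Site Scripting (XSS)]]></name>
      <type>VULNERABILITY</type>
      <severity>5</severity>
      <status>ACTIVE</status>
      <cwe><count>1</count><list><long>79</long></list></cwe>
      <isIgnored>true</isIgnored>
    </Finding>
    <Finding>
      <id>156582</id>
      <qid>150124</qid>
      <name>
        <![CDATA[Clickjacking - Framable Page]]>
      </name>
      <type>VULNERABILITY</type>
      <severity>3</severity>
      <status>ACTIVE</status>
      <isIgnored>true</isIgnored>
      <ignoredReason>FALSE_POSITIVE</ignoredReason>
    </Finding>
  </data>
</ServiceResponse>"""

if __name__ == "__main__":
    print(build_service_request([("severity", "EQUALS", 5)]).decode())
    for f in ignored_needing_review(parse_findings(SAMPLE_RESPONSE)["findings"]):
        print(f["id"], f["severity"], f["name"], f["ignoredReason"])
```

A caller should check hasMoreRecords before treating the parsed list as the complete result set.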


Get Finding Details 
/qps/rest/3.0/get/was/finding/<id>


[GET] 


Returns details for a finding on a web application which is in the user’s scope.
See “Search Findings” to find a record ID to use as input.


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The output 
includes findings for web applications in the user's scope. 


Input Parameters 


The element “id” (integer) is required, where “id” identifies a finding
(WebAppVuln, WebAppIg, or WebAppSensitiveContent).




Sample - View details for the finding 


Let us view details for the finding with the ID 1729432.


API request 


curl -n -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/finding/1729432"


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>1729432</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId> 


<qid>150117</qid> 
<name> 
<![CDATA[Path-Based Cross-Site Scripting (XSS)]]> 
</name> 
<type>VULNERABILITY</type> 
<findingType>QUALYS</findingType> 
<group>XSS</group> 
<cwe> 
<count>1</count> 
<list> 
<long>79</long> 
</list>
</cwe>
<owasp>
<count>1</count>
<list>
<OWASP>
<name>
<![CDATA[Cross-Site Scripting (XSS)]]>
</name>
<url>
<![CDATA[https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS)]]>
</url>
<code>7</code>
</OWASP>
</list>
</owasp>
<wasc>
<count>1</count>
<list>
<WASC>
<name>
<![CDATA[Cross-Site Scripting]]>
</name>
<url>
<![CDATA[http://projects.webappsec.org/w/page/132469208/WASC]]>
</url> 
<code>8</code> 
</WASC> 
</list> 
</wasc> 
<resultList> 
<count>1</count> 
<list> 
<Result> 


<authentication>false</authentication> 
<ajax>false</ajax> 
<payloads> 
<count>1</count> 
<list> 
<PayloadInstance> 
<payload> 
<![CDATA[@APPEND@/%22%3e%3cimg%20src%3dq%20onerror%3dalert(9)%3e]]>
</payload>
<request>
<method>
<![CDATA[GET]]>
</method>
<link>
<![CDATA[http://funkytown.vuln.qa.qualys.com/cassium/traversal/page_48/%22%3e%3cimg%20src%3dq%20onerror%3dalert(9)%3e]]>
</link> 
<headers> 
<! [CDATA[UmVmZXJ 1cjogaHR®CcDoVL2Z1bmt5dG93bi52dWxuLnFhLnF1YWx5cy5jb20VY 
2Fzc211bS94c3MvDQpDb29raWU6IFBIUFNFUINJRDO80DIMNTIAZJUXNWEIMTY3MJMOOTQ 
wNzExYTE1MWM@MDsNCg==] ]> 
</headers> 
</request> 
<response> 
<![CDATA[<html><head><title>Welcome to page page_48/\"><img src=q
onerror=alert(9)></title></head><body><h1>Welcome to page
page_48/\"><img src=q onerror=alert(9)></h1>Click <a
href='/cassium/traversal/page_49'>here</a> to go to the next
page.Click<a href='/cassium/traversal/page_47'>here</a> to go back to
the previous page.</body></html>]]>
</response> 
<payloadResponce> 
<offset>16</offset> 
<length>62</length> 
</payloadResponce> 
</PayloadInstance> 
</list> 
</payloads> 
</Result> 
</list> 
</resultList> 
<severity>5</severity> 
<url> 


<![CDATA[http://funkytown.vuln.qa.example.com/cassium/traversal/page_48/%22%3e%3cimg%20src%3dq%20onerror%3dalert(9)%3e]]>
</url>
<status>ACTIVE</status>
<firstDetectedDate>2017-04-04T06:15:33Z</firstDetectedDate>
<lastDetectedDate>2017-04-04T06:16:20Z</lastDetectedDate>
<lastTestedDate>2017-04-04T06:16:20Z</lastTestedDate>
<timesDetected>3</timesDetected> 


<webApp> 
<id>4080112</id> 
<name> 
<![CDATA[web app 1491286489688]]>
</name>
<url>
<![CDATA[http://funkytown.vuln.qa.example.com:80/cassium/xss/]]>
</url> 
<tags> 
<count>2</count> 
<list> 
<Tag> 
<id>8753812</id> 
<name> 
<![CDATA[Multiscan]]> 
</name> 
</Tag> 
<Tag> 
<id>9029017</id> 
<name> 
<![CDATA[TagWebapp1]]>
</name> 
</Tag> 
</list> 
</tags> 
</webApp> 


<isIgnored>true</isIgnored> 
<ignoredReason>FALSE_POSITIVE</ignoredReason> 
<ignoredBy> 
<id>6717940</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>


</ignoredBy> 
<ignoredDate>2018-09-06T06:15:44Z</ignoredDate> 
<ignoredComment> 
<![CDATA[Test comment]]>
</ignoredComment>
<retest/> 
</Finding> 
</data> 
</ServiceResponse> 


Sample - Get details of finding 


You can fetch the details of a finding using its uniqueId.


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/get/was/finding/8a2c4d51-6d28-2b92-e053-2943720a74ab"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>132990</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId> 
<qid>150004</qid> 
<name> 
<![CDATA[Path-Based Vulnerability]]>
</name> 
<type>VULNERABILITY</type> 
<findingType>QUALYS</findingType> 
<group>PATH</group> 
<cwe> 
<count>1</count> 
<list>
<long>22</long>
</list>


</cwe> 


<isIgnored>false</isIgnored> 
<retest/> 
</Finding> 
</data> 
</ServiceResponse> 


Sample - Groups for Information Gathered Issues 

Let us view the two groups for issues of type Information Gathered:

- Diagnostic IG (general information about the scan)
- Weakness IG (issues that are security weaknesses or conflict with best
practices)

The response reflects the group to which the issue belongs.


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/get/was/finding/713223"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>713223</id>
<uniqueId>8c9c933f-84f1-f77e-e853-294f2c8ab892</uniqueId>
<qid>150014</qid> 
<name> 
<![CDATA[External Form Actions Discovered]]>
</name>
<type>INFORMATION_GATHERED</type>
<findingType>QUALYS</findingType> 
<group>IG_DIAG</group> 
<resultList> 
<count>1</count> 


<A sie > 
</tags> 
</webApp> 
</Finding> 
</data> 
</ServiceResponse> 


Sample - Get details of findings with "SSL/TLS and Certificate issues"


Let us fetch details of a finding that includes different types of SSL/TLS and
Certificate issues. Depending on the type of the finding, the details are listed
under the Information Gathered and Information Disclosure types. The types
of SSL/TLS and certificate issues that we support are:


- SSL Data with Certificate Fingerprint
- SSL Data with Prop
- SSL Data with Kex
- SSL Data with Ciphers


A finding can include one or more issues of an issue type
listed above. The name tag indicates the type of the issue.


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/get/was/finding/581856"


XML response (SSL Data with Certificate Fingerprint) 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>581856</id> 
<uniqueId>d6388c61-fcda-4f46-9767-1d8cb521d953</uniqueId>


<qid>86002</qid> 
<name> 

<![CDATA[SSL Certificate - Information]]>
</name>
<type>INFORMATION_GATHERED</type>
<findingType>QUALYS</findingType>


<sslDataInfoList> 
<list> 
<SSLDataInfo> 
<certificateFingerprint>291126AC8ED272F71E 
DFQ@6E5B76BBECD1C811769D4FE988DE95FF848AF EBCF6A</certificateFingerprint 
> 
</SSLDataInfo> 
</list> 
</sslDataInfoList> 
</sslData> 
</Finding> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/finding.xsd 


Ignore Findings 


/qps/rest/3.0/ignore/was/finding
/qps/rest/3.0/ignore/was/finding/<id>


[POST] 


Ignore findings for a web application which is in the user's scope.
Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission "API Access" and "Ignore
Vulnerabilities" permission. The output includes findings for web applications
in the user's scope.


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 


Click here for available operators 


Parameter Description


id (integer) ID of the finding (WebAppVuln, WebAppIg,
or WebAppSensitiveContent).

uniqueId (value) The 36-bit unique id assigned to the finding.
For example:

<Finding>
<id>132990</id>
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
<qid>150004</qid>

qid (integer) Qualys ID assigned to the detection.

name (text) Name of the detection finding.

type (keyword) Type of the finding: VULNERABILITY,
SENSITIVE_CONTENT, or INFORMATION_GATHERED.

url (text) URL of the web application on which the
finding was detected.

webApp.tags.id (date) ID of the tag associated with the web
application on which the finding was detected.

webApp.tags.name (text) Name of the tag associated with the web
application on which the finding was detected.

status (keyword) Status of the finding: NEW, ACTIVE,
REOPENED, PROTECTED and FIXED.

patch (integer-long) Use WAF to protect against
vulnerabilities by installing virtual patches.

webApp.id (integer) ID of the web application on which the
finding was detected.

webApp.name (text) Name of the web application on which the
finding was detected.

severity (integer) Severity of the finding.

externalRef (string) Tip - Use operator IS EMPTY for findings with
empty external references.

ignoredDate (date) The date on which the finding was marked to
ignore.

ignoredReason (keyword) The reason for which the finding is
ignored: FALSE_POSITIVE, RISK_ACCEPTED or NOT_APPLICABLE

group (keyword) XSS, SQL, INFO, PATH, CC, SSN_US or CUSTOM

reactivateDate (date) Specify the date after which the ignored
finding should be re-activated. The date/time is
specified in YYYY-MM-DD format.

reactivateIn (integer) Specify the number of days after which the
ignored finding should be reactivated.

Note: reactivateDate and reactivateIn are mutually
exclusive parameters and cannot be used together.
You can use only either of them for a finding.

owasp.name (text) Name of the OWASP vulnerability.

owasp.code (integer) Code associated with the OWASP
vulnerability

wasc.name (text) Name of the vulnerability.

wasc.code (integer) Code of the vulnerability.

cwe.id (integer) ID associated with CWE.

firstDetectedDate (date) The date when the finding was first detected in
the web application.

lastDetectedDate (date) The date when the finding was last detected in
the web application.

lastTestedDate (date) The date when the finding was last tested in
the web application.

timesDetected (integer) The count indicating the number of times
the finding was detected.

severity level (integer) The severity associated with the
finding: 1,2,3,4,5


Sample - Ignore a specific finding 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/ignore/was/finding/1645195669"


Request POST data 


<ServiceRequest> 
<data> 
<Finding> 
<id>1645195669</id> 
<ignoredReason>FALSE_POSITIVE</ignoredReason> 
<ignoredComment>test</ignoredComment> 
</Finding> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>1645195669</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId> 
</Finding> 
</data> 
</ServiceResponse> 


Sample - Reactivate an ignored finding (date) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/ignore/was/finding/" < file.xml

Note: "file.xml" contains the request POST data.


Request POST data 


<ServiceRequest> 
<data> 
<Finding> 
<id>927823</id> 
<ignoredReason>FALSE_POSITIVE</ignoredReason> 
<ignoredComment>test</ignoredComment> 
<reactivateDate>2018-11-14</reactivateDate> 
</Finding> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>927823</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId> 
</Finding> 
</data> 
</ServiceResponse> 


Sample - Reactivate an ignored finding (day) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/ignore/was/finding/" < file.xml

Note: "file.xml" contains the request POST data.


Request POST data 


<ServiceRequest> 
<data> 
<Finding> 


<id>927913</id>
<ignoredReason>FALSE_POSITIVE</ignoredReason>
<ignoredComment>test</ignoredComment>
<reactivateIn>1</reactivateIn> 
</Finding> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceResponse 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>927913</id>
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
</Finding> 
</data> 
</ServiceResponse> 


Sample - Ignore multiple findings 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/ignore/was/finding/" < file.xml

Note: "file.xml" contains the request POST data.


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="id" operator="NOT EQUALS">1231056</Criteria> 
<Criteria field="type" operator="NOT EQUALS">INFORMATION_GATHERED</Criteria>
</filters>
<data>
<Finding>
<ignoredReason>FALSE_POSITIVE</ignoredReason>
<ignoredComment>test</ignoredComment>
</Finding> 
</data> 
</ServiceRequest> 


Note: When you ignore findings, make sure that the findings selected by the
request are not of type INFORMATION_GATHERED, as they cannot be ignored.
You can ensure this by adding a type NOT EQUALS INFORMATION_GATHERED
criterion when using the NOT EQUALS, GREATER or LESSER operator.


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>27</count> 
<data> 
<Finding> 
<id>1231057</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId> 
</Finding> 
<Finding> 
<id>1231058</id> 
<uniqueId>5a2c4d51-5d28-2b92-e853-2943728a32ab</uniqueId>
</Finding>
<Finding>
<id>1231059</id>
<uniqueId>4a2c4d51-8d28-2b92-e853-2943728a16ab</uniqueId>
</Finding>
<Finding>
<id>1231060</id>
<uniqueId>3a2c4d51-9d28-2b92-e853-29437208a98ab</uniqueId>
</Finding> 


</data> 
</ServiceResponse> 


Sample - Ignore finding using uniqueId


As every uniqueId is unique, you can use it to ignore the exact
finding.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/ignore/was/finding/8a2c4d51-6d28-2b92-e053-2943720a74ab" < file.xml

Note: "file.xml" contains the request POST data.


Request POST data 


<ServiceRequest> 
<data> 
<Finding> 
<ignoredReason>FALSE_POSITIVE</ignoredReason>
<ignoredComment>test</ignoredComment>
</Finding> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>132990</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId> 
</Finding> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/finding.xsd 
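
The request-body rules described for Ignore Findings above (the allowed ignoredReason values, reactivateDate versus reactivateIn, and the INFORMATION_GATHERED note) can be enforced before anything is sent. This is an added Python example, not code from the Qualys guide; the function name, the mandatory comment and the refusal to build an unfiltered request are assumptions of this helper.

```python
import xml.etree.ElementTree as ET
from datetime import date

IGNORE_REASONS = {"FALSE_POSITIVE", "RISK_ACCEPTED", "NOT_APPLICABLE"}
# Operators the note above names as able to sweep in INFORMATION_GATHERED findings.
BROAD_OPERATORS = {"NOT EQUALS", "GREATER", "LESSER"}


def build_ignore_request(reason, comment, finding_id=None, criteria=(),
                         reactivate_date=None, reactivate_in=None):
    """Return the <ServiceRequest> body for POST /qps/rest/3.0/ignore/was/finding.

    criteria is an iterable of (field, operator, value) tuples placed in <filters>.
    """
    if reason not in IGNORE_REASONS:
        raise ValueError(f"ignoredReason must be one of {sorted(IGNORE_REASONS)}")
    if not (comment or "").strip():
        # Helper policy (assumption, not an API rule): every suppression is justified.
        raise ValueError("a justification comment is required")
    if reactivate_date is not None and reactivate_in is not None:
        raise ValueError("reactivateDate and reactivateIn are mutually exclusive")
    if reactivate_date is not None and not isinstance(reactivate_date, date):
        raise TypeError("reactivate_date must be a datetime.date")
    if reactivate_in is not None and int(reactivate_in) < 1:
        raise ValueError("reactivateIn must be a positive number of days")

    criteria = [(str(f), str(op), str(v)) for f, op, v in criteria]
    if finding_id is None and not criteria:
        # Helper policy (assumption): never emit a request with no id and no filter.
        raise ValueError("refusing to build an unfiltered bulk ignore")
    broad = any(op in BROAD_OPERATORS for _, op, _ in criteria)
    if broad and not any(f == "type" for f, _, _ in criteria):
        # Keep INFORMATION_GATHERED findings out of the selection, as the note requires.
        criteria.append(("type", "NOT EQUALS", "INFORMATION_GATHERED"))

    root = ET.Element("ServiceRequest")
    if criteria:
        filters = ET.SubElement(root, "filters")
        for field, op, value in criteria:
            ET.SubElement(filters, "Criteria", field=field, operator=op).text = value
    finding = ET.SubElement(ET.SubElement(root, "data"), "Finding")
    if finding_id is not None:
        ET.SubElement(finding, "id").text = str(int(finding_id))
    ET.SubElement(finding, "ignoredReason").text = reason
    # ElementTree escapes markup in the comment, so user text cannot alter the request.
    ET.SubElement(finding, "ignoredComment").text = comment
    if reactivate_date is not None:
        ET.SubElement(finding, "reactivateDate").text = reactivate_date.strftime("%Y-%m-%d")
    if reactivate_in is not None:
        ET.SubElement(finding, "reactivateIn").text = str(int(reactivate_in))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Same selection as the "Ignore multiple findings" sample; the type guard is added.
    print(build_ignore_request("FALSE_POSITIVE", "test",
                               criteria=[("id", "NOT EQUALS", 1231056)]))
```

The returned string can be written to file.xml and posted with the curl commands shown in the samples.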


Activate Findings 
/qps/rest/3.0/activate/was/finding


[POST] 


Activate ignored findings for a web application which is in the user's scope.
Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission "API Access" and "Ignore
Vulnerabilities" permission. The output includes findings for web applications
in the user's scope.


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 


Click here for available operators 


Parameter Description


id (integer) ID of the finding (WebAppVuln,
WebAppIg, or WebAppSensitiveContent).

uniqueId (value) The 36-bit unique id assigned to the finding.
For example:

<Finding>
<id>132990</id>
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
<qid>150004</qid>

qid (integer) Qualys ID assigned to the detection.

name (text) Name of the detection finding.

type (keyword) Type of the finding: VULNERABILITY,
SENSITIVE_CONTENT, or INFORMATION_GATHERED.

url (text) URL of the web application on which the
finding was detected.

webApp.tags.id (date) ID of the tag associated with the web
application on which the finding was detected.

webApp.tags.name (text) Name of the tag associated with the web
application on which the finding was detected.

status (keyword) Status of the finding: NEW, ACTIVE,
REOPENED, PROTECTED and FIXED.

patch (integer-long) Use WAF to protect against
vulnerabilities by installing virtual patches.

webApp.id (integer) ID of the web application on which the
finding was detected.

webApp.name (text) Name of the web application on which the
finding was detected.

severity (integer) Severity of the finding.

externalRef (string) Tip - Use operator IS EMPTY for findings
with empty external references.

ignoredDate (date) The date on which the finding was marked to
ignore.

ignoredReason (keyword) The reason for which the finding is
ignored: FALSE_POSITIVE, RISK_ACCEPTED or NOT_APPLICABLE

group (keyword) XSS, SQL, INFO, PATH, CC, SSN_US or CUSTOM

owasp.name (text) Name of the OWASP vulnerability.

owasp.code (integer) Code associated with the OWASP
vulnerability

wasc.name (text) Name of the vulnerability.

wasc.code (integer) Code of the vulnerability.

cwe.id (integer) ID associated with CWE.

firstDetectedDate (date) The date when the finding was first detected
in the web application.

lastDetectedDate (date) The date when the finding was last detected
in the web application.

lastTestedDate (date) The date when the finding was last tested in
the web application.

timesDetected (integer) The count indicating the number of times
the finding was detected.

severity level (integer) The severity associated with the
finding: 1,2,3,4,5


Sample - Activate all ignored findings 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/activate/was/finding"


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">

<responseCode>SUCCESS</responseCode> 

<count>3</count> 


<data> 
<Finding> 
<id>1613225669</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
</Finding>
<Finding>
<id>1613255669</id>
<uniqueId>9a2c4d41-6d21-2b92-e054-3943720a65ab</uniqueId>
</Finding>
<Finding>
<id>1645195669</id>
<uniqueId>7a2c4d31-5d28-2b92-e055-4943728a51ab</uniqueId>
</Finding> 
</data> 
</ServiceResponse> 


Sample - Activate specific finding 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/activate/was/finding/1613255669"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>1613255669</id>
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
</Finding> 
</data> 
</ServiceResponse> 


Sample - Activate a finding using uniqueId


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/activate/was/finding/1613255669"


XML response 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>1613255669</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
</Finding> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/finding.xsd 


Edit Finding Severity 
/qps/rest/3.0/editSeverity/was/finding
/qps/rest/3.0/editSeverity/was/finding/<id>


[POST] 


Edit severity level of the given findings. 


Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission "API Access" and "Ignore
Vulnerabilities" permission. User must have access to web application which
belongs to given WebAppVuln id. The output includes findings for web
applications in the user's scope.


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 


Click here for available operators 


Parameter Description


id (integer) ID of the finding (WebAppVuln, WebAppIg,
or WebAppSensitiveContent).

uniqueId (value) The 36-bit unique id assigned to the finding.
For example:

<Finding>
<id>132990</id>
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
<qid>150004</qid>

new severity level (integer) {1,2,3,4,5}

comments (text) User comments.


Sample - Edit severity level 


Edit severity for single finding. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/editSeverity/was/finding/" < file.xml

Note: "file.xml" contains the request POST data.


Request POST data 


<ServiceRequest> 
<data> 
<Finding> 
<id>647</id> 
<severityComment>Test comment API</severityComment> 
<severity>2</severity> 
</Finding> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>647</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId> 
</Finding> 
</data> 
</ServiceResponse> 


Sample - Edit severity for multiple findings 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/editSeverity/was/finding/" < file.xml

Note: "file.xml" contains the request POST data.


Request POST data 


<ServiceRequest> 
<data> 
<Finding> 
<severityComment>test comment api</severityComment> 
<severity>2</severity> 
</Finding> 
</data> 
<filters> 
<Criteria field="id" operator="IN">183, 645</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>2</count> 
<data> 
<Finding> 
<id>645</id> 
<uniqueId>6a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
</Finding>
<Finding>
<id>183</id>
<uniqueId>5a2c4d31-5d28-2b92-e055-4943720a51ab</uniqueId>
</Finding> 
</data> 
</ServiceResponse> 


Sample - Edit severity of a finding using uniqueId


As every uniqueId is unique, you can use it to edit the severity of a
finding.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/editSeverity/was/finding/" < file.xml

Note: "file.xml" contains the request POST data.


Request POST data 


<ServiceRequest> 
<data> 
<Finding> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
<severityComment>Test comment API</severityComment> 
<severity>3</severity> 
</Finding> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>132990</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId> 
</Finding> 
</data> 
</ServiceResponse> 


XSD 
<platform API server>/qps/xsd/3.0/was/finding.xsd 


Restore Findings Severity 
/qps/rest/3.0/restoreSeverity/was/finding
/qps/rest/3.0/restoreSeverity/was/finding/<id>


[POST] 


Restore severity level of the given findings. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Ignore 
Vulnerabilities” permission. User must have access to web application which 
belongs to given WebAppVuln id. The output includes findings for web 
applications in the user's scope. 


Input Parameters 


The element "id" (integer) is required, where "id" identifies a finding
(WebAppVuln, WebAppIg, or WebAppSensitiveContent).


Click here for available operators 


Sample - Restore severity level 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/restoreSeverity/was/finding"


Request POST data 


<ServiceRequest> 
<data> 
<Finding> 
<id>6034</id> 
</Finding> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>6034</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
</Finding> 
</data> 
</ServiceResponse> 


Sample - Restore for multiple findings 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/restoreSeverity/was/finding"


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="id" operator="IN">645,183</Criteria> 
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>2</count> 
<data> 
<Finding> 
<id>645</id> 
<uniqueId>6a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
</Finding> 
<Finding> 


<id>183</id> 
<uniqueId>5a2c4d31-5d28-2b92-e055-4943720a51ab</uniqueId>
</Finding> 
</data> 
</ServiceResponse> 


Sample - Restore severity of a finding using uniqueId


As every uniqueId is unique, you can restore the severity of a specific finding.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/editSeverity/was/finding/" < file.xml

Note: "file.xml" contains the request POST data.


Request POST data 


<ServiceRequest> 
<data> 
<Finding> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
<severityComment>Restoring default severity</severityComment>
<severity>3</severity> 
</Finding> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>132990</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId> 
</Finding> 
</data> 


</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/finding.xsd 


Retest Findings 
/qps/rest/3.0/retest/was/finding
/qps/rest/3.0/retest/was/finding/<id>


[POST] 


You can retest the findings for individual vulnerabilities by using the
Finding API to test the selected finding. Only potential vulnerabilities,
confirmed vulnerabilities and sensitive contents are available for retest.


Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission "API Access" and
"WAS.VULN.RETEST" permission. The output includes findings for web
applications in the user's scope.


Input Parameters 


The element "id" (integer) is required, where "id" identifies a finding
(WebAppVuln, WebAppIg, or WebAppSensitiveContent).


Click here for available operators 


Sample - Retest Finding using XML Request 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/retest/was/finding"


Request POST data 


<ServiceRequest> 
<data> 
<Finding> 
<id>1728792</id> 
</Finding> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/portal-api/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>1728792</id> 
<uniqueId>2a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId> 
</Finding> 
</data> 
</ServiceResponse> 


Sample - Using Finding ID 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/retest/was/finding/1728792"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/portal-api/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>1728792</id> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
</Finding> 
</data> 
</ServiceResponse> 


Sample - Retest a finding using uniqueld 


API request 


curl -n -u "USERNAME:PASSWORD" \
"https://qualysapi.qualys.com/qps/rest/3.0/retest/was/finding/8a2c4d51-6d28-2b92-e053-2943720a74ab"


XML response 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceResponse
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/portal-api/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding><id>1728792</id></Finding> 
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/finding.xsd 


Retrieve Finding Retest Status 
/qps/rest/3.0/retestStatus/was/finding/{id}

[POST] 

Retrieves the retest status for a finding. You can use the retest status to 
automate the scanning and retesting processes. The API returns one of these 
statuses: NO_RETEST, UNDER_RETEST, RETESTED, CANCELING, and 
CANCELED. 

Permissions required - You must have the WAS module enabled. You must
have the "API access" and "Access WAS module" permissions. You must have
the View permission.


Input Parameters 


The API supports the POST method. The input parameters are id or uniqueId. We
support optional filters that are available for the Search Finding API.


Parameter Description


id (integer) ID of the finding (WebAppVuln or
WebAppSensitiveContent).

uniqueId (value) The 36-bit unique id assigned to the finding.


Sample - Retrieve retest status for a finding 
Let us retrieve the retest status of a finding with ID 2730074. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
"https://qualysapi.qualys.com/qps/rest/3.0/retestStatus/was/finding/2730074"


XML response 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<Finding> 
<id>2774812</id> 
<uniqueId>af45db08-80c6-4527-a48a-9759450b21a2</uniqueId>
<retest>
<retestStatus>RETESTED</retestStatus>
<retestedDate>2020-10-30T09:03:11Z</retestedDate>
<findingStatus>Finding has been detected</findingStatus>
<reason>Finding was confirmed</reason> 
</retest> 
</Finding> 
</data> 
</ServiceResponse> 
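
The retest status described above lends itself to a bounded polling loop. The following is an added Python example, not code from the Qualys guide: `fetch` is a hypothetical callable that POSTs to /qps/rest/3.0/retestStatus/was/finding/<id> and returns the response body, the sample response is constructed with placeholder ids, and treating UNDER_RETEST and CANCELING as the in-progress states is an assumption.

```python
import time
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

RETEST_STATUSES = {"NO_RETEST", "UNDER_RETEST", "RETESTED", "CANCELING", "CANCELED"}
IN_PROGRESS = {"UNDER_RETEST", "CANCELING"}  # assumed transitional states

# Constructed response in the shape of the sample above; ids are placeholders.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/finding.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <Finding>
      <id>1001</id>
      <uniqueId>00000000-0000-0000-0000-000000000001</uniqueId>
      <retest>
        <retestStatus>{status}</retestStatus>
        <retestedDate>2020-10-30T09:03:11Z</retestedDate>
        <findingStatus>Finding has been detected</findingStatus>
        <reason>Finding was confirmed</reason>
      </retest>
    </Finding>
  </data>
</ServiceResponse>"""


def parse_retest_status(xml_text, expected_id=None):
    """Extract the retest block from a retestStatus response, validating it first."""
    root = ET.fromstring(xml_text)
    code = (root.findtext("responseCode") or "").strip()
    if code != "SUCCESS":
        raise RuntimeError(f"API returned responseCode={code!r}")
    finding = root.find("data/Finding")
    if finding is None:
        raise LookupError("response contains no Finding")
    fid = (finding.findtext("id") or "").strip()
    if expected_id is not None and fid != str(expected_id):
        # Do not act on a status that belongs to a different finding.
        raise ValueError(f"asked about finding {expected_id}, response is for {fid}")
    status = (finding.findtext("retest/retestStatus") or "").strip()
    if status not in RETEST_STATUSES:
        raise ValueError(f"unexpected retestStatus {status!r}")
    stamp = (finding.findtext("retest/retestedDate") or "").strip()
    retested = (datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
                .replace(tzinfo=timezone.utc) if stamp else None)
    return {
        "id": fid,
        "status": status,
        "retested": retested,
        "finding_status": (finding.findtext("retest/findingStatus") or "").strip(),
        "reason": (finding.findtext("retest/reason") or "").strip(),
    }


def wait_for_retest(fetch, finding_id, max_polls=20, delay=30.0, sleep=time.sleep):
    """Poll until the retest leaves a transitional state or the poll budget runs out."""
    for attempt in range(max_polls):
        info = parse_retest_status(fetch(finding_id), expected_id=finding_id)
        if info["status"] not in IN_PROGRESS:
            return info
        if attempt + 1 < max_polls:
            sleep(delay)
    raise TimeoutError(f"finding {finding_id} still in progress after {max_polls} polls")


if __name__ == "__main__":
    states = iter(["UNDER_RETEST", "RETESTED"])
    result = wait_for_retest(lambda fid: SAMPLE_RESPONSE.format(status=next(states)),
                             1001, delay=0)
    print(result["status"], result["retested"], result["reason"])
```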


WAS Findings in XML Report 


Findings in all WAS reports in XML format are Base64 encoded starting with 
version 3.1. Findings include vulnerability detections, information gathered 
and sensitive content. 


Did you build clients using WAS version 3.0 or earlier? If yes, please update 
your clients so that WAS findings data is processed accurately. 


Tell me about Base64 encoded findings 


All findings reported for scan and web applications are base64 encoded in 
XML. This includes: 


- Actual contents of the response 
- If evidence in response is highlighted, the evidence contents 
- Information gathered data 


Base64 encoded data usually will have the attribute set to “base64=true”. For 
example: 


<FINDING>
<PAYLOAD><![CDATA[uid=%00%3Cscript%3E_q%3Drandom(X157105156Y1Z)%3C%2Fscript%3E]]></PAYLOAD>
<RESULT base64="true"><![CDATA[C19mZWVkKCgKCgpbCil=]]></RESULT>
</FINDING>

If the "base64=true" attribute is not set, the value will be in plain
text. For example:

<FINDING>
<PAYLOAD><![CDATA[uid=%00%3Cscript%3E_q%3Drandom(X157105156Y1Z)%3C%2Fscript%3E]]></PAYLOAD>
<RESULT><![CDATA[_feed(("]]></RESULT>
</FINDING>


Which WAS reports show findings?

- WAS v3 Scan Results
- Web Application Report
- Web Application Scan Report


WAS v3 Scan Results


Vulnerability and Sensitive Content findings


WasScan/vulns/list/WasScanVuln/instances/list/WasScanVulnInstance/payloads/list/WasScanVulnPayload/result


WasScan/sensitiveContents/list/WasScanSensitiveContent/instances/list/WasScanSensitiveContentInstance/payloads/list/WasScanSensitiveContentPayload/result


Sample WAS v3 Scan Results XML 


<WasScanVuln> 
<qid>1508081</qid> 
<title><![CDATA[Reflected Cross-Site Scripting (XSS) Vulnerabilities]]></title>
<uri><![CDATA[http://myuri.apps.com/613460625329/feed.gtl?uid=%22'%3E%3Cqss%20a%3DX157105156Y1Z%3E]]></uri>
<param>uid</param> 
<instances> 
<count>1</count> 
<list> 
<WasScanVulnInstance> 
<authenticated>false</authenticated> 
<payloads> 
<count>4</count> 
<list>
<WasScanVulnPayload>
<payload><![CDATA[uid=%88%3Cscript%3E_q%3Drandom(X157185156Y1Z)%3C%2Fscript%3E]]>
</payload>
<result base64="true">
<![CDATA[C19mZWVkKCgKCgpbCil]]></result>
</WasScanVulnPayload>
<WasScanVulnPayload>
<payload><![CDATA[uid=%22'%3E%3Cqss%20a%3DX157195156Y1Z%3E]]></payload>
<result base64="true">
<![CDATA[C19mZWVkKCgKCgpbCiliJyZndDsmbHQ7cXNzIGE9WDE1NZEWNTE1N1kxWiZndDsiCgpdCgoKCikpCg]]></result>
</WasScanVulnPayload>
<WasScanVulnPayload>
<payload><![CDATA[uid=%00%3Cscript%3E_q%3Drandom(X157201836Y1Z)%3C%2Fscript%3E]]>
</payload>
<result base64="true"><![CDATA[C19mZWVkKCgKCgpbCil]]></result>
</WasScanVulnPayload>
<WasScanVulnPayload>
<payload><![CDATA[uid=%22'%3E%3Cqss%20a%3DX157201836Y1Z%3E]]></payload>
<result base64="true">
<![CDATA[C19mZWVkKCgKCgpbCiliJyZndDsmbHQ7cXNzIGEQSWDE1NzIwMTgzNlkxWiZndDsiCgpdCgoKCikpCg]]></result>
</WasScanVulnPayload>
</list>
</payloads> 
</WasScanVulnInstance> 
</list> 
</instances> 
</WasScanVuln> 
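A client-side decoder for the base64 rule described above, added here as an example (it is not Qualys code): it walks the WasScanVuln payload path and decodes `result` only when base64="true" is set, tolerating wrapped lines and stripped padding. The sample document, its values and the function names are constructed for this illustration.

```python
import base64
import binascii
import html
import xml.etree.ElementTree as ET

# Constructed sample shaped like the WAS v3 Scan Results above; the values
# are made up for this example and do not come from a real scan.
SAMPLE_XML = """<WasScanVuln>
<qid>150001</qid>
<param>uid</param>
<instances><count>1</count><list>
<WasScanVulnInstance>
<authenticated>false</authenticated>
<payloads><count>3</count><list>
<WasScanVulnPayload>
<payload><![CDATA[uid=%22'%3E%3Cqss%20a%3DX1Y1Z%3E]]></payload>
<result base64="true"><![CDATA[PHFzcyBhPVgxWTFaPg==]]></result>
</WasScanVulnPayload>
<WasScanVulnPayload>
<payload><![CDATA[uid=plain]]></payload>
<result><![CDATA[_feed((]]></result>
</WasScanVulnPayload>
<WasScanVulnPayload>
<payload><![CDATA[uid=wrapped]]></payload>
<result base64="true"><![CDATA[X2Zl
ZWQoKA]]></result>
</WasScanVulnPayload>
</list></payloads>
</WasScanVulnInstance>
</list></instances>
</WasScanVuln>"""

PAYLOAD_PATH = "instances/list/WasScanVulnInstance/payloads/list/WasScanVulnPayload"


def decode_finding_text(elem):
    """Return (text, was_base64) for a result, DATA, CONTENTS or EVIDENCE element."""
    raw = elem.text or ""
    if (elem.get("base64") or "").strip().lower() != "true":
        return raw, False                      # attribute absent: plain text
    compact = "".join(raw.split())             # long values wrap across lines
    compact += "=" * (-len(compact) % 4)       # tolerate stripped '=' padding
    try:
        data = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"invalid base64 in <{elem.tag}>: {exc}") from exc
    # Response bodies are not guaranteed to be UTF-8; never fail on bad bytes.
    return data.decode("utf-8", errors="replace"), True


def extract_vuln_payloads(xml_text):
    """Flatten every WasScanVulnPayload into a dict with its decoded result."""
    root = ET.fromstring(xml_text)
    rows = []
    for vuln in root.iter("WasScanVuln"):
        for item in vuln.iterfind(PAYLOAD_PATH):
            result = item.find("result")
            text, was_b64 = ("", False) if result is None else decode_finding_text(result)
            rows.append({
                "qid": vuln.findtext("qid"),
                "param": vuln.findtext("param"),
                "payload": (item.findtext("payload") or "").strip(),
                "base64": was_b64,
                "result": text,
                # Decoded results are fragments of the scanned site's response
                # and can carry reflected markup: escape before rendering.
                "result_html": html.escape(text),
            })
    return rows


if __name__ == "__main__":
    for row in extract_vuln_payloads(SAMPLE_XML):
        print(row["qid"], row["base64"], repr(row["result"]))
```

The same `decode_finding_text` helper applies to the DATA, CONTENTS and EVIDENCE elements of the other report paths, since they carry the same base64 attribute.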


Information Gathered findings 


WasScan/igs/list/WasScanIg/data


Sample WAS v3 Scan Results XML 


<INFO> 
<QID>150044</QID> 
<TITLE><![CDATA[Login Form Is Not Submitted Via HTTPS]]></TITLE>
<RESULT base64="true"><![CDATA[RGVmYXVsdCBmb3JtIGFjdGlvbiBkb2VzIGSvdCBzdwJtaxXQgdm1hIFNTTDoga
HR@cDovL2dvb2ds
ZS1nenV5ZXJ1LmFwcHNwb3QuY29tLzYxMzQ2MDYyNTMyOS9sb2dpbgo=]]></RESULT>
</INFO> 


Vulnerability and Sensitive Content findings 


WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/VULNERABILITY_LIST/
VULNERABILITY/PAYLOADS/PAYLOAD/RESPONSE/CONTENTS


WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/SENSITIVE_CONTENT_LIST/ 
SENSITIVE_CONTENT/PAYLOADS/PAYLOAD/RESPONSE/CONTENTS 


WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/VULNERABILITY_LIST/ 
VULNERABILITY/PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE 


WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/SENSITIVE_CONTENT_LIST/ 
SENSITIVE_CONTENT/PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE 


Sample WAS v3 Scan Results XML 


<VULNERABILITY> 
<ID>5943</ID> 
<QID>150001</QID> 
<URL><![CDATA[http://myuri.apps.com/app/xss/0/1/0/xss.php?s='%20onEvent%3dX146470180Y1Z%20]]></URL>
<PARAM><![CDATA[s]]></PARAM>
<AUTHENTICATION>Not Required</AUTHENTICATION>
<STATUS>NEW</STATUS>
<FIRST_TIME_DETECTED>2011-12-30T09:57:39Z</FIRST_TIME_DETECTED>
<LAST_TIME_DETECTED>2011-12-30T09:57:39Z</LAST_TIME_DETECTED>
<LAST_TIME_TESTED>2011-12-30T09:57:39Z</LAST_TIME_TESTED>
<TIMES_DETECTED>1</TIMES_DETECTED>
<PAYLOADS> 
<PAYLOAD> 
<NUM>1</NUM> 
<PAYLOAD><![CDATA[s='%20onEvent%3dX146470180Y1Z%20]]></PAYLOAD>
<REQUEST/>
<RESPONSE>
<CONTENTS base64="true"><![CDATA[bGQiJmd@0yZsdDsmbHQ7L3NwYW4mZ3Q71D@mZ3Q71ICZsdDt
ZCGFUIGNSYXNZPSJib2xkIiZndDsmYW1w02x80yZsdDsvc3BhbiZndDsmbHQ7YnImZ307C 
iZsdDsvZG12Jmd80wombHQ7L2RpdiZndDsKImx802J yJImd@OwombHQ7ZG12IGNSYXNzPSJ 
wYXlsb2FkcyImZ307Ck91dHB1dCBmcm9tIHJ1CcXV1C3Q0gImx803NwYW4gY2xhc3M9ImJvb 
GQiJmd@0y9jYXNzaXVtL3hzcy5waHA/dmF yaWFudDOwJmFtcDtxcz@xJmFtcDtmPTAmYW1 
wO3M9J yYUyMG9URXZ1bnQIM2RYMTQ2NDcwMT gwWTF aj T IwJmx@0y9zcGFuJmd@OwombHQ7Y 
nImZ307CiZsdDthIGhyZWY9J1wnIG9uURXZ1bnQ9WDEONJQ3MDEAMFKXWIiANJmd803NhbXB 
szSBsaW5rJImx80y9hJmd80wombHQ7L2RpdiZndDsKJImx803NjcmlwdCZndDttYWluKCkmb 
HQ7L3NjcmlwdCZndDsKImx@0y9ib2R5Jmd@OwombHQ7L2h@bWwmZ3Q7]]></CONTENTS>
</RESPONSE>


</PAYLOAD> 
</PAYLOADS> 
<IGNORED>false</IGNORED> 
</VULNERABILITY> 


Information Gathered findings 


WAS_WEBAPP_REPORT/RESULTS/WEB_APPLICATION/
INFORMATION_GATHERED_LIST/INFORMATION_GATHERED/DATA


<INFORMATION_GATHERED_LIST>
<INFORMATION_GATHERED>
<ID>1529</ID>
<QID>6</QID>
<FIRST_TIME_DETECTED>2011-12-30T09:57:39Z</FIRST_TIME_DETECTED>
<LAST_TIME_DETECTED>2011-12-30T09:57:39Z</LAST_TIME_DETECTED>
<LAST_TIME_TESTED>2011-12-30T09:57:39Z</LAST_TIME_TESTED>
<DATA base64="true"><![CDATA[I3RhYmx1Ck1QX2FkZHJ1c3MgSG9zdF9uYW11CgoxMC4xMC4.
yNi43NyBmdW5rexXRvd24udnVsbi5x
YS5xdWFseXMuY29tCg==]]></DATA>
</INFORMATION_GATHERED>
<INFORMATION_GATHERED>
<ID>1532</ID>
<QID>150031</QID>
<FIRST_TIME_DETECTED>2011-12-30T09:57:39Z</FIRST_TIME_DETECTED>
<LAST_TIME_DETECTED>2011-12-30T09:57:39Z</LAST_TIME_DETECTED>
<LAST_TIME_TESTED>2011-12-30T09:57:39Z</LAST_TIME_TESTED>
<DATA base64="true"><![CDATA[VG1tZW91dCByZWFjaGVkIGLUIE1QQyBjb25uZWN@aW9UTHR
vIFdlYktpdC4gSmF
2YVNjcmlwdCBz
dXBwb3JOIGRpc2FibGVkIG1luOmVQaGFzZUNyYXdsCkNyYXdsIGNvbXBsZXR1ZCB3aXROIF
dlYktpdC4K]]></DATA>
</INFORMATION_GATHERED>


Vulnerability and Sensitive Content findings 


WAS_SCAN_REPORT/RESULTS/VULNERABILITY_LIST/VULNERABILITY/
PAYLOADS/PAYLOAD/RESPONSE/CONTENTS


WAS_SCAN_REPORT/RESULTS/SENSITIVE_CONTENT_LIST/
SENSITIVE_CONTENT/PAYLOADS/PAYLOAD/RESPONSE/CONTENTS


WAS_SCAN_REPORT/RESULTS/VULNERABILITY_LIST/VULNERABILITY/
PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE


WAS_SCAN_REPORT/RESULTS/SENSITIVE_CONTENT_LIST/
SENSITIVE_CONTENT/PAYLOADS/PAYLOAD/RESPONSE/EVIDENCE


Information Gathered findings 


WAS_SCAN_REPORT/RESULTS/INFORMATION_GATHERED_LIST/ 
INFORMATION_GATHERED/DATA 


Reference: Findings 


The <OptionProfile> element includes sub elements used to define an option 
profile. A reference of these elements is provided below. An asterisk * 
indicates a complex element. 


Parameter Description


id (integer) ID of the finding (WebAppVuln, WebAppIg, or
WebAppSensitiveContent).


uniqueId (value) The 36-bit unique id assigned to the finding.
For example:

<Finding>
<id>132990</id>
<uniqueId>8a2c4d51-6d28-2b92-e053-2943720a74ab</uniqueId>
<qid>150004</qid>


qid (integer) Qualys ID assigned to the detection.


name (text) Name of the detection finding.


type (keyword) Type of the finding: VULNERABILITY,
SENSITIVE_CONTENT or INFORMATION_GATHERED.


url (text) URL of the web application on which the
finding was detected.


webApp.tags.id (integer) ID of the tag associated with the web
application on which the finding was detected.


webApp.tags.name (text) Name of the tag associated with the web
application on which the finding was detected.


status (keyword) Status of the finding: NEW, ACTIVE,
REOPENED, PROTECTED and FIXED.


patch (integer-long) Use WAF to protect against
vulnerabilities by installing virtual patches.


webApp.id (integer) ID of the web application on which the
finding was detected.


webApp.name (text) Name of the web application on which the
finding was detected.


severity (integer) Severity of the finding.


externalRef (string) Tip - Use operator IS EMPTY for findings
with empty external references.


ignoredDate (date) The date on which the finding was marked to
ignore.


ignoredReason (keyword) The reason for which the finding is
ignored: FALSE_POSITIVE, RISK_ACCEPTED or
NOT_APPLICABLE


group (keyword) XSS, SQL, INFO, PATH, CC, SSN_US or
CUSTOM


owasp.name (text) Name of the OWASP vulnerability.


owasp.code (integer) Code associated with the OWASP
vulnerability


wasc.name (text) Name of the vulnerability.


wasc.code (integer) Code of the vulnerability.


cwe.id (integer) ID associated with CWE.


firstDetectedDate (date) The date when the finding was first detected
in the web application.


lastDetectedDate (date) The date when the finding was last detected
in the web application.


lastTestedDate (date) The date when the finding was last tested in
the web application.


timesDetected (integer) The count indicating the number of times
the finding was detected.


severity level (integer) The severity associated with the
finding: 1, 2, 3, 4, 5

Configuration 


Option Profiles 


Option Profile Count 

/qps/rest/3.0/count/was/optionprofile

[GET] [POST] 

Returns the total number of option profiles in the user’s scope. Input elements 
are optional and are used to filter the number of option profiles included in 
the count. 

Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The count 
includes web applications in the user's scope. 


Input Parameters


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 




Parameter Description 

id (integer) The ID of the option profile. 

name (text) The name given to the option profile. 

tags Filter by tags applied. 

tags.id (integer) ID of the tag assigned to option profile. 


tags.name (text) Tag name assigned to option profile. 


createdDate (date) The date when the option profile was created 
in WAS, in UTC date/time format. 


updatedDate (date) The date when the option profile was updated 
in WAS, in UTC date/time format. 


usedByWebApps (boolean) Web applications used/not used by the 
option profile. 


usedBySchedules (boolean) Scan schedules used/not used by the 
option profile. 


owner.id (Long with operator: EQUALS, IN, NOT EQUALS, 
GREATER or LESSER) ID of the owner who created 
the option profile. 


owner.name (text) Full name of the user who created the option 
profile. 


owner.username (text) Username of the owner who created the option 
profile. (like user_ab3). 


Sample - Count - no criteria (GET) 


API request 


curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/count/was/optionprofile/"


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">

<responseCode>SUCCESS</responseCode>

<count>30</count>
</ServiceResponse> 


Sample - Count - criteria (POST) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/count/was/optionprofile/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="id" operator="IN">832265669, 832295669, 832285669</Criteria>
<Criteria field="name" operator="CONTAINS">OP</Criteria>
<Criteria field="tags" operator="NONE"></Criteria>
<Criteria field="createdDate" operator="LESSER">2017-09-09</Criteria>
<Criteria field="updatedDate" operator="LESSER">2017-09-09</Criteria>
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">

<responseCode>SUCCESS</responseCode> 

<count>1</count> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/optionprofile.xsd 


Search Option Profiles 
/qps/rest/3.0/search/was/optionprofile


[POST] 


Returns a list of option profiles which are in the user’s scope. Action logs are 
not included in the output. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The Output 
includes option profiles in the user's scope. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 




Parameter Description 

id (integer) The ID of the option profile. 

name (text) The name given to the option profile. 

tags Filter by tags applied. 

tags.id (integer) ID of the tag assigned to option profile.

tags.name (text) Tag name assigned to option profile.

createdDate (date) The date when the option profile was created
in WAS, in UTC date/time format.


updatedDate (date) The date when the option profile was updated
in WAS, in UTC date/time format.


usedByWebApps (boolean) Web applications used/not used by the
option profile.


usedBySchedules (boolean) Scan schedules used/not used by the 
option profile. 


owner.id (Long with operator: EQUALS, IN, NOT EQUALS, 
GREATER or LESSER) ID of the owner who created 
the option profile. 


owner.name (text) Full name of the user who created the option 
profile. 


owner.username (text) Username of the owner who created the option 
profile. (like user_ab3). 


Sample - Search - criteria (POST) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/search/was/optionprofile/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="id" operator="IN">832265669, 832295669, 832285669</Criteria>
<Criteria field="name" operator="CONTAINS">OP</Criteria>
<Criteria field="tags" operator="NONE"></Criteria>
<Criteria field="createdDate" operator="LESSER">2017-09-09</Criteria>
<Criteria field="updatedDate" operator="LESSER">2017-09-09</Criteria>
</filters> 
</ServiceRequest> 


XML response


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<OptionProfile>
<id>832285669</id>
<name><![CDATA[My Option Profile]]></name>
<owner>
<id>8792415669</id>
<username>user_ww</username>
<firstName><![CDATA[Walter]]></firstName>
<lastName><![CDATA[White]]></lastName>
</owner>
<tags>
<count>0</count>
</tags>
<createdDate>2017-09-08T23:16:07Z</createdDate>
<updatedDate>2017-09-08T23:16:07Z</updatedDate> 
</OptionProfile> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/optionprofile.xsd 
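The search exchange above, seen from the client side, as an added example (not Qualys code): it builds the ServiceRequest filter body and the Basic Authentication header without sending anything, refuses a non-HTTPS base URL, and checks responseCode before trusting the result. The function names and the constructed response are assumptions made for this illustration.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.request import Request

SEARCH_PATH = "/qps/rest/3.0/search/was/optionprofile/"

# Constructed response in the shape of the search sample above.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<OptionProfile>
<id>832285669</id>
<name><![CDATA[My Option Profile]]></name>
<owner><id>8792415669</id><username>user_ww</username></owner>
<updatedDate>2017-09-08T23:16:07Z</updatedDate>
</OptionProfile>
</data>
</ServiceResponse>"""


def build_search_request(username, password, criteria,
                         base_url="https://qualysapi.qualys.com"):
    """Build (without sending) the POST for Search Option Profiles.

    criteria is an iterable of (field, operator, value); the API ANDs them.
    """
    if not base_url.lower().startswith("https://"):
        # Basic credentials are only base64-encoded, so refuse cleartext HTTP.
        raise ValueError("WAS API credentials must only be sent over HTTPS")
    root = ET.Element("ServiceRequest")
    filters = ET.SubElement(root, "filters")
    for field, operator, value in criteria:
        node = ET.SubElement(filters, "Criteria", field=field, operator=operator)
        node.text = str(value)                 # ElementTree escapes &, < and >
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return Request(
        base_url.rstrip("/") + SEARCH_PATH,
        data=ET.tostring(root, encoding="utf-8"),
        method="POST",
        headers={"Content-Type": "text/xml", "Authorization": "Basic " + token},
    )


def parse_search_response(xml_bytes):
    """Return count, hasMoreRecords and a summary of each OptionProfile."""
    root = ET.fromstring(xml_bytes)
    code = root.findtext("responseCode")
    if code != "SUCCESS":
        raise RuntimeError(f"WAS API returned responseCode={code!r}")
    profiles = [
        {
            "id": int(op.findtext("id")),
            "name": (op.findtext("name") or "").strip(),
            "owner": op.findtext("owner/username"),
            "updatedDate": op.findtext("updatedDate"),
        }
        for op in root.iterfind("data/OptionProfile")
    ]
    return {
        "count": int(root.findtext("count") or 0),
        "hasMoreRecords": root.findtext("hasMoreRecords") == "true",
        "profiles": profiles,
    }


if __name__ == "__main__":
    req = build_search_request("USERNAME", "PASSWORD", [("name", "CONTAINS", "OP")])
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
    print(parse_search_response(SAMPLE_RESPONSE))
```

Supplying the password from a secret store or environment variable at call time keeps it out of shell history and process listings, which a literal `-u "USERNAME:PASSWORD"` on a command line does not.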


Get Option Profile Details 
/qps/rest/3.0/get/was/optionprofile/<id>
[GET] 


View details for an option profile which is in the user’s scope. See “Search 
option profiles” to find a record ID to use as input. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The Output 
includes option profiles in the user's scope. 

Input Parameters


The element “id” (integer) is required, where “id” identifies an option profile.




Samples 


Sample - Get details of an option profile (GET) 


Sample - Get details on option profile with SmartScan enabled (GET) 
Sample - View details to know if action URI is enabled 


Sample - Get details of an Option Profile with customized scan intensity (GET) 


Sample - Get details of an option profile with enhanced crawling enabled 
(GET) 


Sample - Get details of an option profile to know the detection scope (GET) 


Sample - Get details of an option profile (GET) 


API request 


curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/optionprofile/832265669"


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>832265669</id>
<name><![CDATA[My Option Profile]]></name>
<owner>
<id>8792415669</id>
<username>user_walter</username>
<firstName><![CDATA[Walter]]></firstName>
<lastName><![CDATA[White]]></lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>200</timeoutErrorThreshold>
<unexpectedErrorThreshold>20</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name><![CDATA[Initial Parameters]]></name>
</parameterSet> 
<ignoreBinaryFiles>false</ignoreBinaryFiles> 
<performance>LOW</performance> 
<bruteforceOption>MINIMAL</bruteforceOption> 
<comments> 
<count>2</count> 
<list>
<Comment>
<contents><![CDATA[some comments]]></contents>
<author>
<id>200639085669</id>
<username>user_walter</username>
</author>
</Comment>
<Comment>
<contents><![CDATA[some more comments]]></contents>
<author> 
<id>200639085669</id> 
<username>user_walter</username> 
</author> 
</Comment> 
</list> 
</comments> 
<sensitiveContent> 
<creditCardNumber>false</creditCardNumber> 
<socialSecurityNumber>false</socialSecurityNumber> 
</sensitiveContent> 
<createdDate>2017-09-08T22:03:01Z</createdDate> 
<createdBy> 
<id>8792415669</id> 
<username>user_walter</username> 
<firstName><![CDATA[Walter]]></firstName>
<lastName><![CDATA[White]]></lastName>
</createdBy>
<updatedDate>2017-09-08T23:18:28Z</updatedDate>
<updatedBy>
<id>8792415669</id>
<username>user_walter</username>
<firstName><![CDATA[Walter]]></firstName>
<lastName><![CDATA[White]]></lastName>
</updatedBy> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Get details on option profile with SmartScan enabled (GET) 


Want to use SmartScan? This feature must be enabled for your subscription. 
We can help you with this quickly - just contact your Technical Account 
Manager or Qualys Support. 


API request 


curl -u "USERNAME:PASSWORD" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/optionprofile/467333"


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<OptionProfile>
<id>467333</id>
<name>
<![CDATA[My Option Profile]]>
</name>
<owner>
<id>4354</id>
<username>user_aril</username>
<firstName>
<![CDATA[Ari]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags> 
<formSubmission>BOTH</formSubmission> 
<maxCrawlRequests>300</maxCrawlRequests> 
<timeoutErrorThreshold>100</timeoutErrorThreshold> 
<unexpectedErrorThreshold>388</unexpectedErrorThreshold> 
<parameterSet> 
<id>15601</id> 
<name> 
<![CDATA[Test Paramset]]>
</name> 
</parameterSet> 
<ignoreBinaryFiles>false</ignoreBinaryFiles> 
<smartScanSupport>true</smartScanSupport> 
<smartScanDepth>18</smartScanDepth> 
<performance>LOW</performance> 
<bruteforceOption>MINIMAL</bruteforceOption> 
<comments> 
<count>0</count>
</comments>
<sensitiveContent>
<creditCardNumber>false</creditCardNumber>
<socialSecurityNumber>false</socialSecurityNumber>
</sensitiveContent>
<createdDate>2017-03-23T21:15:47Z</createdDate>
<createdBy> 
<id>4354</id> 
<username>user_aril</username> 
<firstName> 
<![CDATA[Ari]]> 
</firstName> 
<lastName> 
<![CDATA[Smith]]>
</lastName>
</createdBy>
<updatedDate>2017-03-23T21:15:47Z</updatedDate>
<updatedBy>
<id>4354</id>
<username>user_aril</username>
<firstName>
<![CDATA[Ari]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName> 
</updatedBy> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - View details to know if action URI is enabled 


Example: View the option profile details for the web application with ID 
#171683 to check if action URI is enabled or disabled. 


API request 


curl -u "USERNAME:PASSWORD" -X GET -H "Content-type: text/xml" \
  "https://qualysapi.qualys.com/portal-api/rest/3.0/get/was/optionprofile/176683"


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/portal-api/xsd/3.0/was/optionprofile.xsd">


<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>176683</id> 
<name> 
<![CDATA[My Option Profile - with action URI]]> 
</name> 
<owner> 
<id>336390</id> 
<username>john_doe</username> 
<firstName> 
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>200</maxCrawlRequests>
<timeoutErrorThreshold>22</timeoutErrorThreshold>
<unexpectedErrorThreshold>58</unexpectedErrorThreshold>
<userAgent>
<![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]>
</userAgent>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name> 
</parameterSet> 
<ignoreBinaryFiles>true</ignoreBinaryFiles> 
<includeActionUriInFormId>true</includeActionUriInFormId> 
<smartScanSupport>false</smartScanSupport> 
<performance>LOW</performance> 
<bruteforceOption>DISABLED</bruteforceOption> 
<comments> 
<count>1</count> 
<list>
<Comment>
<contents>
<![CDATA[User Comment]]>
</contents>
<createdDate>2017-11-18T15:59:55Z</createdDate>
</Comment> 
</list> 
</comments> 


</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Get details of an Option Profile with customized scan intensity 
(GET) 


Let us get details of an Option Profile with customized scan intensity. 


API request 


curl -u "USERNAME:PASSWORD" -X GET -H "Content-type: text/xml" \
  "https://qualysapi.qualys.com/qps/rest/3.0/get/was/optionprofile/1608560"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>1608560</id> 
<name> 
<![CDATA[Update Option Profile with Custom Scan Intensity]]>
</name>


<smartScanSupport>false</smartScanSupport>

<customPerformance>
<numOfHttpThreads>10</numOfHttpThreads>
<delayBetweenRequests>20</delayBetweenRequests> 


</customPerformance> 
<bruteforceOption>MINIMAL</bruteforceOption> 


</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Get details of an option profile with enhanced crawling enabled 
(GET) 


API request 


curl -u "USERNAME:PASSWORD" -X GET -H "Content-type: text/xml" \
  "https://qualysapi.qualys.com/qps/rest/3.0/get/was/optionprofile/77683"


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>77683</id> 
<name> 
<![CDATA[Sample Option Profile]]>
</name>
<owner>
<id>337590</id>
<username>user_john</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>100</timeoutErrorThreshold>
<unexpectedErrorThreshold>388</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet> 
<ignoreBinaryFiles>false</ignoreBinaryFiles> 
<includeActionUriInFormId>false</includeActionUriInFormId> 
<enhancedCrawling>true</enhancedCrawling> 
<smartScanSupport>false</smartScanSupport> 


</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Get details of an option profile to know the detection scope (GET) 


API request 


curl -u "USERNAME:PASSWORD" -X GET -H "Content-type: text/xml" \
  "https://qualysapi.qualys.com/qps/rest/3.0/get/was/optionprofile/77683"


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>77683</id> 
<name> 
<![CDATA[Sample Option Profile]]>
</name>
<owner>
<id>337590</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>1000</maxCrawlRequests>
<timeoutErrorThreshold>100</timeoutErrorThreshold>
<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name>
</parameterSet> 
<ignoreBinaryFiles>true</ignoreBinaryFiles> 
<includeActionUriInFormId>false</includeActionUriInFormId> 
<enhancedCrawling>false</enhancedCrawling> 
<smartScanSupport>true</smartScanSupport> 
<smartScanDepth>5</smartScanDepth> 
<performance>LOW</performance> 
<bruteforceOption>MINIMAL</bruteforceOption> 
<detection> 

<detectionScope>EVERYTHING</detectionScope> 
</detection> 
<comments> 

<count>0</count>
</comments> 


</updatedBy> 
</OptionProfile> 


</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/optionprofile.xsd 


Create a new Option Profile 
/qps/rest/3.0/create/was/optionprofile


[POST] 


Create a new option profile. 

Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Create 
Option Profile”. 


Input Parameters


The elements “name” (text) and “OptionProfile” are required, where “name” is the
option profile name.




Samples 


Create - minimum criteria (POST) 


Create - multiple criteria (POST) 


Create - disable error threshold values, set to 0 (POST)


Create - enable SmartScan (POST) 


Create - enable action URI (POST) 


Create - associate pre-defined detection category (POST) 


Create an option profile with XSS Power Mode detection scope (POST) 


Create - Enabling XSS Payloads for standard scan 


Create - custom scan intensity (POST) 


Create - Enhanced Crawling enabled (POST) 


Create - Everything as detection scope 


Create - SSL/TLS and Certificate issues


Sample - Create - minimum criteria (POST)


Create a new option profile with the name “My Option Profile - with defaults”. 
The default option profile settings are assigned automatically. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name><![CDATA[My Option Profile - with defaults]]></name>
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>832265669</id> 
<name><![CDATA[My Option Profile - with defaults]]></name>
<owner>
<id>8792415669</id>
<username>user_alex</username>
<firstName><![CDATA[Alex]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<timeoutErrorThreshold>20</timeoutErrorThreshold>
<unexpectedErrorThreshold>48</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name><![CDATA[Initial Parameters]]></name>
</parameterSet>
<ignoreBinaryFiles>false</ignoreBinaryFiles>
<performance>LOW</performance>
<bruteforceOption>MINIMAL</bruteforceOption>
<comments>
<count>0</count>
</comments> 
<sensitiveContent> 
<creditCardNumber>false</creditCardNumber> 
<socialSecurityNumber>false</socialSecurityNumber> 
</sensitiveContent> 
<createdDate>2018-09-08T22:03:01Z</createdDate> 
<createdBy> 
<id>8792415669</id> 
<username>user_alex</username> 
<firstName><![CDATA[Alex]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</createdBy>
<updatedDate>2018-09-08T22:03:01Z</updatedDate>
<updatedBy>
<id>8792415669</id>
<username>user_alex</username>
<firstName><![CDATA[Alex]]></firstName>
<lastName><![CDATA[Smith]]></lastName>
</updatedBy> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Create - multiple criteria (POST) 


Create a new option profile with the name “My Option Profile - All Fields”. The 
"name" setting is required in the request data, other settings are optional. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
  --data-binary @- \
  "https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name><![CDATA[My Option Profile - All Fields]]></name> 
<timeoutErrorThreshold>22</timeoutErrorThreshold> 
<unexpectedErrorThreshold>50</unexpectedErrorThreshold> 
<formSubmission>BOTH</formSubmission> 
<maxCrawlRequests>200</maxCrawlRequests> 
<performance>LOW</performance> 
<bruteforceOption>USER_DEFINED</bruteforceOption> 
<parameterSet><id>15669</id></parameterSet> 
<isDefault>true</isDefault> 
<ignoreBinaryFiles>true</ignoreBinaryFiles> 
<userAgent><![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]></userAgent>
<tags><set><Tag><id>75521225669</id></Tag></set></tags> 
<sensitiveContent> 
<customContents>zip code</customContents> 
</sensitiveContent> 
<comments> 
<set> 
<Comment>
<contents><![CDATA[Some Comment]]></contents>
</Comment> 
</set> 
</comments> 
<bruteforceList> 
<id>74005669</id> 
</bruteforceList> 
<detection> 
<includedSearchLists> 
<set> 
<SearchList> 
<id>3496185669</id> 


</SearchList> 
</set> 
</includedSearchLists> 
<excludedSearchLists> 
<set> 
<SearchList> 
<id>3496175669</id> 
</SearchList> 
<SearchList> 
<id>3496165669</id> 
</SearchList> 
</set> 
</excludedSearchLists> 
</detection> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>832275669</id> 
<name><![CDATA[My Option Profile - All Fields]]></name>
<owner>
<id>8792415669</id>
<username>user_cindy</username>
<firstName><![CDATA[Cindy]]></firstName>
<lastName><![CDATA[Green]]></lastName>
</owner>
<isDefault>true</isDefault>
<tags>
<count>1</count>
<list>
<Tag>
<id>75521225669</id>
<name><![CDATA[Business Units]]></name>
</Tag>
</list>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>200</maxCrawlRequests>
<timeoutErrorThreshold>22</timeoutErrorThreshold>
<unexpectedErrorThreshold>50</unexpectedErrorThreshold>
<userAgent><![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]></userAgent>
<parameterSet>
<id>15669</id>
<name><![CDATA[Custom Parameters]]></name>
</parameterSet>
<ignoreBinaryFiles>true</ignoreBinaryFiles>
<performance>LOW</performance>
<bruteforceOption>USER_DEFINED</bruteforceOption>
<bruteforceList>
<id>74005669</id>
<name><![CDATA[BFL]]></name>
</bruteforceList> 
<detection> 
<includedSearchLists> 
<count>1</count> 
<list> 
<SearchList> 
<id>3496185669</id> 
</SearchList> 
</list> 
</includedSearchLists> 
<excludedSearchLists> 
<count>2</count> 
<list> 
<SearchList> 
<id>3496175669</id> 
</SearchList> 
<SearchList> 
<id>3496165669</id> 
</SearchList> 
</list> 
</excludedSearchLists> 
</detection> 
<comments> 
<count>1</count> 
<list> 
<Comment> 
<contents><![CDATA[Some Comment]]></contents> 
</Comment> 
</list>


</comments> 

<sensitiveContent> 
<creditCardNumber>false</creditCardNumber> 
<socialSecurityNumber>false</socialSecurityNumber> 
<customContents>zip code</customContents> 

</sensitiveContent> 

<createdDate>2017-09-08T22:31:06Z</createdDate> 

<createdBy> 
<id>8792415669</id> 
<username>user_cindy</username> 
<firstName>< ! [CDATA[ Cindy] ]></firstName> 
<lastName><! [CDATA[Green] ]></lastName> 

</createdBy> 

<updatedDate>2017-09-08T22:31:07Z</updatedDate> 

<updatedBy> 
<id>8792415669</id> 
<username>user_cindy</username> 
<firstName><![CDATA[Cindy]]></firstName>
<lastName><![CDATA[Green]]></lastName>

</updatedBy> 

</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Create - disable error threshold values, set to 0 (POST)


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile/" \
< file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name><![CDATA[My OP - with no threshold specified]]></name>
<timeoutErrorThreshold>0</timeoutErrorThreshold>
<unexpectedErrorThreshold>0</unexpectedErrorThreshold>
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>453133</id> 
<name> 
<![CDATA[My OP - with no threshold specified]]>
</name>
<owner>
<id>4354</id>
<username>user_amy</username>
<firstName>
<![CDATA[Amy]]>
</firstName>
<lastName>
<![CDATA[Kim]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags>
<formSubmission>BOTH</formSubmission>
<maxCrawlRequests>300</maxCrawlRequests>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name> 
</parameterSet> 
<ignoreBinaryFiles>false</ignoreBinaryFiles> 
<performance>LOW</performance> 
<bruteforceOption>MINIMAL</bruteforceOption> 
<comments> 
<count>0</count>
</comments> 
<sensitiveContent> 
<creditCardNumber>false</creditCardNumber> 
<socialSecurityNumber>false</socialSecurityNumber> 
</sensitiveContent> 


<createdDate>2017-11-07T01:29:24Z</createdDate>
<createdBy> 


Sample - Create - enable SmartScan (POST) 


Want to use SmartScan? This feature must be enabled for your subscription. 
We can help you with this quickly - just contact your Technical Account 
Manager or Qualys Support. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile/" \
< file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name>My Option Profile</name> 
<smartScanSupport>true</smartScanSupport> 
<smartScanDepth>18</smartScanDepth> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">

<responseCode>SUCCESS</responseCode> 


<count>1</count> 
<data> 
<OptionProfile> 
<id>467333</id> 
<name> 
<![CDATA[My Option Profile]]>
</name> 


<owner> 


<id>4354</id> 
<username>user_aril</username> 
<firstName> 
<![CDATA[Ari]]>
</firstName>
<lastName>
<![CDATA[Smith]]>
</lastName> 
</owner> 
<isDefault>false</isDefault> 
<tags> 
<count>0</count> 
</tags> 
<formSubmission>BOTH</formSubmission> 
<maxCrawlRequests>300</maxCrawlRequests> 
<timeoutErrorThreshold>188</timeoutErrorThreshold> 


<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet> 

<id>15601</id> 

<name> 

<![CDATA[Test Paramset]]>

</name> 
</parameterSet> 
<ignoreBinaryFiles>false</ignoreBinaryFiles> 
<smartScanSupport>true</smartScanSupport> 
<smartScanDepth>18</smartScanDepth> 
<performance>LOW</performance> 
<bruteforceOption>MINIMAL</bruteforceOption>


Sample - Create - enable action URI (POST) 


Create a new option profile with the name “My Option Profile” to include 
action URI. The default option profile settings are assigned automatically. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile" \
< file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name> 
<![CDATA[My Option Profile]]>

</name> 
<timeoutErrorThreshold>22</timeoutErrorThreshold> 
<unexpectedErrorThreshold>58</unexpectedErrorThreshold> 
<formSubmission>BOTH</formSubmission> 
<maxCrawlRequests>200</maxCrawlRequests> 
<performance>LOW</performance> 
<bruteforceOption>DISABLED</bruteforceOption> 
<isDefault>true</isDefault> 
<ignoreBinaryFiles>true</ignoreBinaryFiles> 
<includeActionUriInFormId>true</includeActionUriInFormId> 
<userAgent> 
<![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]>
</userAgent> 
<sensitiveContent> 
<customContents>zip code</customContents> 
</sensitiveContent> 
<comments> 
<set>
<Comment>
<contents>
<![CDATA[This is a test comment.]]>
</contents> 
</Comment> 
</set> 
</comments> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/portal-api/xsd/3.0/was/optionprofile.xsd">

<responseCode>SUCCESS</responseCode> 

<count>1</count> 

<data> 

<OptionProfile> 


<id>171683</id> 
<name> 
<![CDATA[My Option Profile - with action URI]]>
</name>
<owner>
<id>336390</id>
<username>john_doe</username>
<firstName>
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags> 
<formSubmission>BOTH</formSubmission> 
<maxCrawlRequests>200</maxCrawlRequests> 
<timeoutErrorThreshold>22</timeoutErrorThreshold> 
<unexpectedErrorThreshold>58</unexpectedErrorThreshold> 
<userAgent> 
<![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36]]>
</userAgent>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name> 
</parameterSet> 
<ignoreBinaryFiles>true</ignoreBinaryFiles> 
<includeActionUriInFormId>true</includeActionUriInFormId> 
<smartScanSupport>false</smartScanSupport> 
<performance>LOW</performance> 
<bruteforceOption>DISABLED</bruteforceOption> 
<comments> 
<count>1</count> 
<list> 
<Comment> 
<contents> 
<![CDATA[User Comment]]>
</contents>
<createdDate>2017-11-18T15:59:55Z</createdDate>
</Comment> 
</list> 
</comments> 
<sensitiveContent> 
<creditCardNumber>false</creditCardNumber> 
<socialSecurityNumber>false</socialSecurityNumber> 
<customContents>zip code</customContents> 
</sensitiveContent> 
<createdDate>2017-11-18T15:59:49Z</createdDate> 
<createdBy> 
<id>336390</id> 
<username>john_doe</username> 
<firstName> 
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName> 
</createdBy> 
<updatedDate>2017-11-18T15:59:49Z</updatedDate> 
<updatedBy> 
<id>336390</id> 
<username>john_doe</username> 
<firstName> 
<![CDATA[John]]>
</firstName>
<lastName>
<![CDATA[Doe]]>
</lastName> 
</updatedBy> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Create - associate pre-defined detection category 


Create a new option profile and associate pre-defined detection categories
with the option profile.


Element Description

detectionCategory={Keyword}

We now support the following new detection categories in your option
profile:

--XSS, in request header
--Denial of Service
--XSS
--Path-Related vulnerabilities
--OWASP Top 10 (2017)
--Authentication & Session Management
--Cross-Site Request Forgery
--XML External Entity (XXE) vulnerabilities
--Flash-Related vulnerabilities
--Information Disclosure
--SQL Injection
--Clickjacking
--SQL Injection, in request header
--CMS identification (type, version, and plugins)
--Apache vulnerabilities (Struts & other)
--Uncategorized
--CMS vulnerabilities
--Open Redirect

Note: <detectionCategories> is mutually exclusive with
<includedSearchLists> and <excludedSearchLists>.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile" \
< file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name>sample option profile with detection category</name> 
<detection> 
<detectionCategories> 
<set>
<DetectionCategory> 
<name>Denial of Service</name> 
</DetectionCategory> 
</set> 
</detectionCategories> 
</detection> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>305785</id> 
<name>
<![CDATA[Sample option profile with detection category]]>
</name>
<owner>
<id>2501086</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>

</owner> 


<detection> 
<detectionCategories> 
<count>1</count> 
<set> 
<DetectionCategory> 
<id>154</id> 
<name>Denial of Service</name> 
</DetectionCategory> 
</set> 
</detectionCategories> 
</detection> 
<comments> 
<count>0</count>
</comments> 


</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Create an option profile with XSS Power Mode detection scope 


You can execute a specialized scan that performs comprehensive tests for
cross-site scripting vulnerabilities by using an option profile with the XSS
Power Mode detection scope. This detection scope runs the standard XSS
payloads, which detect the most common instances of XSS, and additional
payloads that can identify XSS in certain less-common situations. Running a
scan with an option profile that has the XSS Power Mode detection scope will
provide the best assurance that your web application is free from XSS
vulnerabilities.


To launch a scan in XSS Power Mode, set the <xssPowerMode> element to true
under the <detection> element.


Note: The includedSearchLists/excludedSearchLists, detectionCategories, and
xssPowerMode elements are mutually exclusive. You can set only one of them
under the <detection> element.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile" \
< file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name>Sample Option Profile With XSS</name> 
<detection> 
<xssPowerMode>true</xssPowerMode> 
</detection> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>1045129</id> 
<name> 
<![CDATA[Launch XSS Power Mode Scan]]>
</name> 
<owner> 
<id>412791</id> 
<username>user_john</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags> 
<formSubmission>BOTH</formSubmission> 
<maxCrawlRequests>300</maxCrawlRequests> 
<timeoutErrorThreshold>100</timeoutErrorThreshold> 
<unexpectedErrorThreshold>300</unexpectedErrorThreshold>
<parameterSet>
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name> 
</parameterSet> 
<ignoreBinaryFiles>false</ignoreBinaryFiles> 
<includeActionUriInFormId>false</includeActionUriInFormId> 
<smartScanSupport>false</smartScanSupport> 
<performance>LOW</performance> 
<bruteforceOption>MINIMAL</bruteforceOption> 
<detection> 
<xssPowerMode>true</xssPowerMode> 
</detection> 
<comments> 
<count>0</count>
</comments> 
<sensitiveContent> 
<creditCardNumber>false</creditCardNumber> 
<socialSecurityNumber>false</socialSecurityNumber> 
</sensitiveContent> 
<createdDate>2018-07-25T03:45:12Z</createdDate> 
<createdBy> 
<owner> 
<id>412791</id> 
<username>user_john</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner> 
</createdBy> 
<updatedDate>2018-07-25T03:45:12Z</updatedDate> 
<updatedBy> 
<owner> 
<id>412791</id> 
<username>user_john</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner> 
</updatedBy> 


</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Enabling XSS Payloads for standard scan 


You can enable comprehensive tests for cross-site scripting vulnerabilities to
be executed during our standard scan using the new parameter in the option
profile. The comprehensive tests include XSS with an exhaustive set of
payloads, including the set of standard payloads. Running a scan with the XSS
payloads option enabled in the detection scope of a standard scan will provide
the best assurance that your web application is free from XSS vulnerabilities.
However, enabling this option leads to a significant increase in the scan time.


Element Description 


enableXssPayloads (boolean) A flag to indicate if XSS payloads should 
be enabled or disabled during the scan. If the flag is 
set to true, comprehensive tests for cross-site 
scripting vulnerabilities are executed during the 
scan. 


Example: 


<detection> 
<detectionScope>CORE</detectionScope> 
<enableXssPayloads>true</enableXssPayloads> 
</detection> 


Let us create an option profile to launch a standard scan with comprehensive 
tests for cross-site scripting vulnerabilities enabled. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile" \
< file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 


<data> 
<OptionProfile> 
<name>Sample Option Profile With XSS Payloads</name> 
<detection> 
<detectionScope>CORE</detectionScope> 
<enableXssPayloads>true</enableXssPayloads> 
</detection> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>81333</id> 
<name> 
<![CDATA[Launch Scan with XSS Payloads enabled]]>
</name> 
<owner> 
<id>412791</id> 
<username>user_john</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags> 
<formSubmission>BOTH</formSubmission> 
<maxCrawlRequests>300</maxCrawlRequests> 
<timeoutErrorThreshold>100</timeoutErrorThreshold> 
<unexpectedErrorThreshold>388</unexpectedErrorThreshold> 
<parameterSet> 
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name> 
</parameterSet> 
<ignoreBinaryFiles>false</ignoreBinaryFiles> 


<includeActionUriInFormId>false</includeActionUriInFormId> 
<enhancedCrawling>false</enhancedCrawling> 
<smartScanSupport>false</smartScanSupport> 
<performance>LOW</performance> 
<bruteforceOption>MINIMAL</bruteforceOption> 
<detection> 
<detectionScope>CORE</detectionScope> 
<enableXssPayloads>true</enableXssPayloads> 
</detection> 
<comments> 
<count>0</count>
</comments> 
<sensitiveContent> 
<creditCardNumber>false</creditCardNumber> 
<socialSecurityNumber>false</socialSecurityNumber> 
</sensitiveContent> 
<createdDate>2019-10-04T11:11:59Z</createdDate> 
<createdBy> 
<owner> 
<id>412791</id> 
<username>user_john</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
</createdBy>
<updatedDate>2018-07-25T03:45:12Z</updatedDate>
<updatedBy> 
<owner> 
<id>412791</id> 
<username>user_john</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner> 
</updatedBy> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Create an option profile with custom scan intensity 


You can define your custom scan intensity in the option profile and thus
control the scan performance according to your configured settings. Using
our new parameter <customPerformance> you can further configure the
number of threads to be used to scan each host and the delay between
requests.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile" \
< file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name><![CDATA[Option Profile with Custom Scan Intensity]]></name>
<customPerformance> 
<numOfHttpThreads>5</numOfHttpThreads> 
<delayBetweenRequests>100</delayBetweenRequests> 
</customPerformance> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">

<responseCode>SUCCESS</responseCode> 


<count>1</count> 
<data> 
<OptionProfile> 
<id>1608560</id> 
<name> 
<![CDATA[Option Profile with Custom Scan Intensity]]> 
</name> 


<smartScanSupport>false</smartScanSupport> 
<customPerformance> 
<numOfHttpThreads>5</numOfHttpThreads> 
<delayBetweenRequests>100</delayBetweenRequests> 
</customPerformance> 
<bruteforceOption>MINIMAL</bruteforceOption> 


</OptionProfile> 


</data> 
</ServiceResponse> 


Sample - Create an option profile with Enhanced Crawling enabled 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile" \
< file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name><![CDATA[Sample Option Profile]]></name>
<enhancedCrawling>true</enhancedCrawling>
</OptionProfile>
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">

<responseCode>SUCCESS</responseCode> 


<count>1</count> 
<data> 
<OptionProfile> 
<id>78110</id> 
<name><![CDATA[Sample Option Profile]]></name>
<owner> 
<id>337590</id> 


<username>user_john</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags> 
<formSubmission>BOTH</formSubmission> 


<maxCrawlRequests>300</maxCrawlRequests> 
<timeoutErrorThreshold>100</timeoutErrorThreshold> 
<unexpectedErrorThreshold>388</unexpectedErrorThreshold> 
<parameterSet> 

<id>0</id>
<name>
<![CDATA[Initial Parameters]]>

</name> 
</parameterSet> 
<ignoreBinaryFiles>false</ignoreBinaryFiles> 


<includeActionUriInFormId>false</includeActionUriInFormId>


<enhancedCrawling>true</enhancedCrawling> 
<smartScanSupport>false</smartScanSupport> 
<performance>LOW</performance> 
<bruteforceOption>MINIMAL</bruteforceOption> 
<detection/> 
<comments> 

<count>0</count>
</comments> 


</lastName> 
</updatedBy> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Create - Everything as detection scope 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile" \
< file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 

<OptionProfile> 
<name><![CDATA[Sample Option Profile]]></name>

<detection> 
<detectionScope>EVERYTHING</detectionScope> 

</detection> 

</OptionProfile> 


</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>78744</id> 
<name> 
<![CDATA[Sample Option Profile]]>
</name> 
<owner> 
<id>337590</id> 
<username>user_john</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags> 
<formSubmission>BOTH</formSubmission> 
<maxCrawlRequests>300</maxCrawlRequests> 
<timeoutErrorThreshold>100</timeoutErrorThreshold> 
<unexpectedErrorThreshold>388</unexpectedErrorThreshold> 
<parameterSet> 
<id>0</id>
<name>
<![CDATA[Initial Parameters]]>
</name> 
</parameterSet> 
<ignoreBinaryFiles>false</ignoreBinaryFiles> 
<includeActionUriInFormId>false</includeActionUriInFormId> 
<enhancedCrawling>false</enhancedCrawling> 
<smartScanSupport>false</smartScanSupport> 
<performance>LOW</performance> 
<bruteforceOption>MINIMAL</bruteforceOption> 
<detection> 
<detectionScope>EVERYTHING</detectionScope> 
</detection> 


<comments> 
<count>0</count>
</comments> 


</updatedBy> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Create - SSL/TLS and Certificate issues 


You can execute a specialized scan that performs tests for SSL/TLS and
certificate-related vulnerabilities using an option profile with the SSL/TLS
and Certificate category configured in the API request.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/create/was/optionprofile" \
< file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name><![CDATA[Option Profile with SSL data]]></name>
<detection>
<detectionCategories>
<set>
<DetectionCategory> 
<name>SSL/TLS and Certificate issues</name> 
</DetectionCategory> 
</set> 
</detectionCategories> 
</detection> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 
<?xml version="1.0" encoding="UTF-8"?> 


<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>897483</id> 
<name> 
<![CDATA[My Option Profile - SSL data]]>
</name> 
<owner> 
<id>412791</id> 
<username>user_john</username> 
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<isDefault>false</isDefault>
<tags>
<count>0</count>
</tags> 


<detection> 
<detectionCategories> 
<count>1</count> 
<list> 
<DetectionCategory> 
<id>152</id> 
<name>SSL/TLS and Certificate issues</name>
</DetectionCategory> 
</list> 
</detectionCategories> 
<enableXssPayloads>false</enableXssPayloads> 
</detection> 


</OptionProfile> 


</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/optionprofile.xsd 


Update an Option Profile 
/qps/rest/3.0/update/was/optionprofile/<id>


[POST] 


Update an option profile which is in the user’s scope. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and “Update 
Option Profile”. 


Input Parameters


The element “id” (integer) is required, where “id” identifies an option profile.
Additional elements are optional and must be supplied in POST XML data. At 
least one of the following elements must be set: name, isDefault, owner, tags, 
formSubmission, maxCrawlRequests, userAgent, parameterSet, 
ignoreBinaryFiles, performance, bruteforceOption, bruteforceList, 
numberOfAttempts, detection, sensitiveContent, comments. 


Click here for available operators 


Parameter Description

id (integer) The ID of the option profile.

name (text) The name given to the option profile.

tags Filter by tags applied.

tags.id (integer) ID of the tag assigned to option profile.

tags.name (text) Tag name assigned to option profile.

owner.id (Long with operator: EQUALS, IN, NOT EQUALS, GREATER or LESSER)
ID of the owner who created the option profile.

owner.name (text) Full name of the user who created the option profile.

owner.username (text) Username of the owner who created the option
profile (like user_ab3).

isDefault Default option profile for the subscription.

formSubmission (keyword) Type of form: None, Post, Get, POST & GET.

maxCrawlRequests Total number of links and forms to follow and test within
the scan scope. If performing a Discovery Scan, this is the maximum links
that will be crawled, as there will not be any testing performed.

userAgent Stores the browser and OS details.

parameterSet A parameter set tells us the request parameter settings you
would like us to inject into your web applications during scanning. We
provide a default one and it is easy to configure more. Once defined just
select the parameter set name in your scan's option profile.

ignoreBinaryFiles If you choose this option, files with extension zip, pdf,
doc are not scanned.

performance (keyword) Scan Intensity: LOWEST, LOW, MEDIUM, HIGH, MAXIMUM.

customPerformance* Configure the custom intensity level for web application
scans.

Example:

<customPerformance>
<numOfHttpThreads>10</numOfHttpThreads>
<delayBetweenRequests>5</delayBetweenRequests>
</customPerformance>

Note: performance and customPerformance are mutually exclusive parameters
and cannot be used together. You can use only one of them for an option
profile.

numOfHttpThreads (integer) Number of threads to be used to scan each host.
The valid range is from 1 to 10.

delayBetweenRequests (integer) The duration of delay introduced by WAS in
between the scanning engine requests sent to the applications server. The
valid range is from 0 to 2000 milliseconds.

bruteforceOption The level of brute forcing you prefer with options ranging
from "Minimal" to "Exhaustive".

bruteforceList (keyword: User List/SYSTEM LIST)

System list: we'll attempt to guess the password for each detected login ID.

User list: to select a bruteforce list defined in your account.

numberOfAttempts The threshold to be reached before stopping the scan. If
you deactivate this setting, the scan will keep running no matter how many
errors it finds.

detection (keyword) Select if scans launched with this profile shall perform
a full assessment for all WAS detections the engine is able to discover, or
if the scan shall focus on the detection of specific vulnerabilities and/or
information: Core, Categories, Custom Search list, XSS Power Mode,
Everything.

If <detectionScope> is present then the detection scope = CORE or
EVERYTHING

Core: Core scope includes vulnerabilities that Qualys considers most common
in today's web applications. It does not include all the vulnerabilities that
WAS can detect.

Everything: Everything scope includes all the vulnerabilities that WAS can
detect.

Example:

<detection>
<detectionScope>EVERYTHING</detectionScope>
</detection>

If <includedSearchLists> or <excludedSearchLists> are present then the
detection scope = CUSTOM

If <detectionCategories> is present then the detection scope = CATEGORY

If <xssPowerMode> is true then the detection scope = XSS

Note: The <includedSearchLists>, <excludedSearchLists>,
<detectionCategories>, <xssPowerMode>, <detectionScope> elements are
mutually exclusive elements.

enableXssPayloads (boolean) A flag to indicate if XSS payloads should be
enabled or disabled during the scan. If the flag is set to true,
comprehensive tests for cross-site scripting vulnerabilities are executed
during the scan.

Example:

<detection>
<detectionScope>CORE</detectionScope>
<enableXssPayloads>true</enableXssPayloads>
</detection>

sensitiveContent Credit Card Numbers, Social Security Numbers (US), Custom
Contents.

keywordsUrlSearch (text) Specify keywords in the form of strings and regular
expressions to search for URL links that contain the specified keyword.
Currently, we search for keywords only in the internal links that are found
in the crawling phase for target web applications in a
Discovery/Vulnerability scan.

You can enter a maximum of 10 keywords where each keyword appears on a
separate line. A keyword should be 5 to 200 characters long.

During a Discovery/Vulnerability scan, we search for these keywords and
report all the unique links that contain the specified keywords in the Get
Finding Details API output under information gathered QID 150141. Note that
we show the crawled links under QID 150009.

enhancedCrawling (boolean) Improve scan coverage for your web application
with the enhanced crawling enabled. We will re-crawl individual directories
present in the links which are found during crawling.

For example, if the following link is found during crawling:

https://www.example.com/foo/abc/xyz/register.php

If the enhanced crawling is enabled, it will first make a request to
https://www.example.com/foo/abc/xyz

and will then remove the directory "xyz/" from the URL and crawl
https://www.example.com/foo/abc/

and later it will further remove "abc/" and will crawl
https://www.example.com/foo/.

All the links found during this process of removal and re-crawling will get
added to the crawl queue, thus improving the scan coverage.

comments User-defined comments.
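
The constraints in the parameter table above (performance versus customPerformance, the thread and delay ranges, the mutually exclusive detection elements, and the keywordsUrlSearch limits) can be checked on file.xml before it is posted. The following Python check is an added example, not Qualys code: the function names and both sample requests are constructed here, and because this guide does not show where keywordsUrlSearch sits in the XML, it is looked up anywhere under <OptionProfile> as an assumption.

```python
import xml.etree.ElementTree as ET

PERFORMANCE_LEVELS = {"LOWEST", "LOW", "MEDIUM", "HIGH", "MAXIMUM"}
SCOPE_KEYWORDS = {"CORE", "EVERYTHING"}

# Constructed sample: values follow the custom scan intensity sample.
GOOD_REQUEST = """
<ServiceRequest><data><OptionProfile>
  <name><![CDATA[Option Profile with Custom Scan Intensity]]></name>
  <customPerformance>
    <numOfHttpThreads>5</numOfHttpThreads>
    <delayBetweenRequests>100</delayBetweenRequests>
  </customPerformance>
  <detection>
    <detectionScope>CORE</detectionScope>
    <enableXssPayloads>true</enableXssPayloads>
  </detection>
</OptionProfile></data></ServiceRequest>
"""

# Constructed sample that breaks each documented rule once.
BAD_REQUEST = """
<ServiceRequest><data><OptionProfile>
  <name>constructed bad profile</name>
  <performance>LOW</performance>
  <customPerformance>
    <numOfHttpThreads>12</numOfHttpThreads>
    <delayBetweenRequests>2500</delayBetweenRequests>
  </customPerformance>
  <detection>
    <detectionScope>EVERYTHING</detectionScope>
    <xssPowerMode>true</xssPowerMode>
  </detection>
  <keywordsUrlSearch>admin
api</keywordsUrlSearch>
</OptionProfile></data></ServiceRequest>
"""


def selected_scopes(detection):
    """Map the children of <detection> to the scopes named in the table."""
    scopes = []
    if detection is None:
        return scopes
    if (detection.find("includedSearchLists") is not None
            or detection.find("excludedSearchLists") is not None):
        scopes.append("CUSTOM")
    if detection.find("detectionCategories") is not None:
        scopes.append("CATEGORY")
    if detection.find("xssPowerMode") is not None:
        scopes.append("XSS")
    keyword = detection.findtext("detectionScope")
    if keyword is not None:
        scopes.append(keyword.strip())
    return scopes


def _check_range(parent, tag, low, high, problems):
    """Record a problem when <tag> is present but not an integer in [low, high]."""
    text = parent.findtext(tag)
    if text is None:
        return
    try:
        value = int(text.strip())
    except ValueError:
        problems.append(f"{tag}: '{text.strip()}' is not an integer")
        return
    if not low <= value <= high:
        problems.append(f"{tag}: {value} is outside {low}-{high}")


def lint_option_profile(xml_text):
    """Return the list of documented constraints the request violates."""
    profile = ET.fromstring(xml_text).find("./data/OptionProfile")
    if profile is None:
        return ["no <OptionProfile> under <data>"]
    problems = []
    performance = profile.findtext("performance")
    custom = profile.find("customPerformance")
    if performance is not None and custom is not None:
        problems.append("performance and customPerformance are mutually exclusive")
    if performance is not None and performance.strip() not in PERFORMANCE_LEVELS:
        problems.append(f"performance: unknown level '{performance.strip()}'")
    if custom is not None:
        _check_range(custom, "numOfHttpThreads", 1, 10, problems)
        _check_range(custom, "delayBetweenRequests", 0, 2000, problems)
    detection = profile.find("detection")
    scopes = selected_scopes(detection)
    if len(scopes) > 1:
        problems.append("detection: mutually exclusive scopes set together: "
                        + ", ".join(scopes))
    if detection is not None:
        keyword = detection.findtext("detectionScope")
        if keyword is not None and keyword.strip() not in SCOPE_KEYWORDS:
            problems.append(f"detectionScope: unknown value '{keyword.strip()}'")
    # Assumption: element location is not shown in this guide, so search the subtree.
    keywords_text = profile.findtext(".//keywordsUrlSearch")
    if keywords_text is not None:
        keywords = [k.strip() for k in keywords_text.splitlines() if k.strip()]
        if len(keywords) > 10:
            problems.append(f"keywordsUrlSearch: {len(keywords)} keywords, maximum is 10")
        for k in keywords:
            if not 5 <= len(k) <= 200:
                problems.append(f"keywordsUrlSearch: '{k[:20]}' is {len(k)} "
                                "characters, expected 5-200")
    return problems


if __name__ == "__main__":
    for label, request in (("good", GOOD_REQUEST), ("bad", BAD_REQUEST)):
        print(label, lint_option_profile(request))
```

An empty list means the request passes these local checks only; the API server remains the authority on what it accepts.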


Samples 


Update - minimum criteria (POST) 


Update - multiple settings (POST) 


Update - owner (POST) 


Update - custom threshold values (POST) 


Update - disable action URI (POST) 


Update - Detection Category (POST) 


Update Option Profile for Custom Scan Intensity (POST) 


Update an Option Profile to disable enhanced crawling (POST) 


Update option profile to change detection scope to Everything 


Update Option Profile to enable XSS payload 


Update option profile with “SSL/TLS and Certificate issues”


Sample - Update - minimum criteria (POST) 


Change the option profile name to “Update Option Profile - title” for option 
profile ID 832265669. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/832265669" \
< file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name><![CDATA[Update Option Profile - title]]></name>
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">

<responseCode>SUCCESS</responseCode> 

<count>1</count> 


<data> 
<OptionProfile> 
<id>832265669</id> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Update - multiple settings (POST) 


Update multiple option profile settings for option profile ID 832275669. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/832275669" \
< file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name><![CDATA[My Option Profile - All Fields]]></name>
<formSubmission>BOTH</formSubmission> 
<maxCrawlRequests>100</maxCrawlRequests> 
<performance>HIGH</performance> 
<bruteforceOption>USER_DEFINED</bruteforceOption> 
<parameterSet><id>15669</id></parameterSet>
<isDefault>false</isDefault> 
<ignoreBinaryFiles>false</ignoreBinaryFiles> 
<userAgent><![CDATA[Mozilla/5.0 (Windows NT 6.2; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 
Safari/537.36]]></userAgent> 
<tags><set><Tag><id>75521225669</id></Tag></set></tags> 
<sensitiveContent> 
<customContents>zip code</customContents> 
</sensitiveContent> 
<comments> 
<set> 
<Comment> 
<contents><![CDATA[Comment 2]]></contents> 
</Comment>
</set>
</comments>
<bruteforceList> 
<id>74005669</id> 
</bruteforceList> 
<detection> 
<includedSearchLists> 
<set> 
<SearchList> 
<id>3496185669</id> 
</SearchList> 
</set> 
</includedSearchLists> 
<excludedSearchLists> 
<set> 
<SearchList> 
<id>3496175669</id> 
</SearchList> 
<SearchList> 
<id>3496165669</id> 
</SearchList> 
</set> 
</excludedSearchLists> 
</detection> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>832275669</id> 
</OptionProfile> 
</data> 
</ServiceResponse>


Sample - Update - owner (POST) 


Update the option profile owner. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/123456" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<owner><id>123456</id></owner> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>123456</id> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Update - custom threshold values (POST) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/452933" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name><![CDATA[My OP - with custom threshold values ]]></name> 


<timeoutErrorThreshold>200</timeoutErrorThreshold> 
<unexpectedErrorThreshold>20</unexpectedErrorThreshold> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>452933</id> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Update - disable action URI (POST) 


Update the Option Profile to disable Action URI. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/176683" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name> 
<![CDATA[My Option Profile - with action URI]]> 
</name> 


<includeActionUriInFormId>false</includeActionUriInFormId> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/portal-api/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>176683</id> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Update - Detection Category (POST) 


Update the detection scope in the Option Profile. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/176683" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceRequest> 
<data> 
<OptionProfile> 
<detection> 
<detectionCategories> 
<remove> 
<DetectionCategory> 
<name>Denial of Service</name> 
</DetectionCategory> 
</remove> 
<add> 


<DetectionCategory> 
<name>SQL Injection</name> 

</DetectionCategory> 

</add> 
</detectionCategories> 
</detection> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>305786</id> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Update Option Profile for Custom Scan Intensity (POST) 


Let us update an Option Profile with customized scan intensity. 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/1608560" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name><![CDATA[Update Option Profile with Custom Scan Intensity]]></name>
<customPerformance>
<numOfHttpThreads>10</numOfHttpThreads>


<delayBetweenRequests>20</delayBetweenRequests> 
</customPerformance> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>1608560</id> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Update an Option Profile to disable enhanced crawling (POST) 


Let us update an Option Profile to disable enhanced crawling.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/832265669" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<enhancedCrawling>false</enhancedCrawling> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>832265669</id> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Update option profile to change detection scope to Everything 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/832265669" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<detection> 
<detectionScope>EVERYTHING</detectionScope> 
</detection> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>832265669</id> 
</OptionProfile> 


</data> 
</ServiceResponse> 


Sample - Update Option Profile to enable XSS payload 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile/16083" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<name>Sample Option Profile With XSS Payloads</name> 
<detection> 
<detectionScope>CORE</detectionScope> 
<enableXssPayloads>true</enableXssPayloads> 
</detection> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>16003</id> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Update option profile with "SSL/TLS and Certificate issues"


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/optionprofile" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<OptionProfile> 
<detection> 
<detectionCategories> 
<set> 
<DetectionCategory> 
<name>SSL/TLS and Certificate issues</name> 
</DetectionCategory> 
</set> 
</detectionCategories> 
</detection> 
</OptionProfile> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>897483</id> 
</OptionProfile> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/optionprofile.xsd 


Delete an Option Profile 

/qps/rest/3.0/delete/was/optionprofile/<id>
/qps/rest/3.0/delete/was/optionprofile

[POST] 

Delete an option profile that is in the user’s scope. Upon success, the output is 
a list of IDs for the option profiles that were deleted. 

Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access” and “Delete
Option Profile”.

Input Parameters

Optional elements are used to retrieve option profiles to delete. When
multiple elements are specified, parameters are combined using a logical
AND. All dates must be entered in UTC date/time format.


Click here for available operators 


Parameter Description

name (text) The name given to the option profile.

owner (text) Username of the owner who created the option profile (like user_ab3).

tags (text) Filter by tags applied to option profile.

createdDate (date) The date when the option profile was created in WAS, in UTC date/time format.

updatedDate (date) The date when the option profile was updated in WAS, in UTC date/time format.

usedByWebApps (boolean) Web applications used/not used by the option profile.

usedBySchedules (boolean) Scan schedules used/not used by the option profile.


Sample - Delete specific option profile (POST) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/optionprofile/834275669"


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<OptionProfile> 
<id>834275669</id> 
</OptionProfile> 
</data> 
</ServiceResponse> 


Sample - Delete multiple option profiles (POST) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/delete/was/optionprofile/" < file.xml

Note: “file.xml” contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">OP</Criteria> 


<Criteria field="updatedDate" operator="LESSER">2017-09-09</Criteria>
</filters> 
</ServiceRequest> 


XML response 


<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/optionprofile.xsd">
<responseCode>SUCCESS</responseCode>
<count>10</count>
<data>
<OptionProfile>
<id>712265669</id>
</OptionProfile> 
<OptionProfile> 
<id>752265669</id> 
</OptionProfile> 
<OptionProfile> 
<id>752275669</id> 
</OptionProfile> 
<OptionProfile> 
<id>754265669</id> 
</OptionProfile> 
<OptionProfile> 
<id>812685669</id> 
</OptionProfile> 
<OptionProfile> 
<id>824295669</id> 
</OptionProfile> 
<OptionProfile> 
<id>824305669</id> 
</OptionProfile> 
<OptionProfile> 
<id>830265669</id> 
</OptionProfile> 
<OptionProfile> 
<id>830275669</id> 
</OptionProfile> 
<OptionProfile> 
<id>830285669</id> 
</OptionProfile> 
</data> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/optionprofile.xsd 


Reference: Option Profile 


The <OptionProfile> element includes sub elements used to define an option 
profile. A reference of these elements is provided below. An asterisk * 
indicates a complex element. 


Parameter Description

id (integer) The ID of the option profile.

name (text) The name given to the option profile.

tags Filter by tags applied.

tags.id (integer) ID of the tag assigned to option profile.

tags.name (text) Tag name assigned to option profile.

createdDate (date) The date when the option profile was created in WAS, in UTC date/time format.

updatedDate (date) The date when the option profile was updated in WAS, in UTC date/time format.

usedByWebApps (boolean) Web applications used/not used by the option profile.

usedBySchedules (boolean) Scan schedules used/not used by the option profile.

owner.id (Long with operator: EQUALS, IN, NOT EQUALS, GREATER or LESSER) ID of the owner who created the option profile.

owner.name (text) Full name of the user who created the option profile.

owner.username (text) Username of the owner who created the option profile (like user_ab3).

isDefault Default option profile for the subscription.

formSubmission (keyword) Type of form: None, Post, Get, POST & GET.

maxCrawlRequests Total number of links and forms to follow and test within the scan scope. If performing a Discovery Scan, this is the maximum links that will be crawled, as there will not be any testing performed.

userAgent Stores the browser and OS details.

parameterSet A parameter set tells us the request parameter settings you would like us to inject into your web applications during scanning. We provide a default one and it is easy to configure more. Once defined just select the parameter set name in your scan's option profile.

ignoreBinaryFiles If you choose this option, files with extension zip, pdf, doc are not scanned.

performance (keyword) Scan Intensity: LOWEST, LOW, MEDIUM, HIGH, MAXIMUM.

customPerformance* Configure the custom intensity level for web application scans.

    Example:

    <customPerformance>
    <numOfHttpThreads>10</numOfHttpThreads>
    <delayBetweenRequests>5</delayBetweenRequests>
    </customPerformance>

    Note: performance and customPerformance are mutually exclusive parameters and cannot be used together. You can use only either of them for an option profile.

numOfHttpThreads (integer) Number of threads to be used to scan each host. The valid range is from 1 to 10.

delayBetweenRequests (integer) The duration of delay introduced by WAS in between the scanning engine requests sent to the applications server. The valid range is from 0 to 2000 milliseconds.

bruteforceOption The level of brute forcing you prefer with options ranging from "Minimal" to "Exhaustive".

bruteforceList (keyword: User List/SYSTEM LIST)

    System list: we'll attempt to guess the password for each detected login ID.

    User list: to select a bruteforce list defined in your account.

numberOfAttempts The threshold to be reached before stopping the scan. If you deactivate this setting, the scan will keep running no matter how many errors it will find.

detection (keyword) Select if scans launched with this profile shall perform a full assessment for all WAS detections the engine is able to discover, or if the scan shall focus on the detection of specific vulnerabilities and/or information: Core, Categories, Custom Search list, XSS Power Mode, Everything.

    If <detectionScope> is present then the detection scope = CORE or EVERYTHING

    Core: Core scope includes vulnerabilities that Qualys considers most common in today's web applications. It does not include all the vulnerabilities that WAS can detect.

    Everything: Everything scope includes all the vulnerabilities that WAS can detect.

    Example:

    <detection>
    <detectionScope>EVERYTHING</detectionScope>
    </detection>

    If <includedSearchLists> or <excludedSearchLists> are present then the detection scope = CUSTOM

    If <detectionCategories> is present then the detection scope = CATEGORY

    If <xssPowerMode> is true then the detection scope = XSS

    Note: The <includedSearchLists>, <excludedSearchLists>, <detectionCategories>, <xssPowerMode>, <detectionScope> elements are mutually exclusive elements.

sensitiveContent Credit Card Numbers, Social Security Numbers (US), Custom Contents.

keywordsUrlSearch (text) Specify keywords in the form of strings and regular expressions to search for URL links that contain the specified keyword. Currently, we search for keywords only in the internal links that are found in the crawling phase for target web applications in a Discovery/Vulnerability scan.

    You can enter a maximum of 10 keywords where each keyword appears on a separate line. A keyword should be 5 to 200 characters long.

    During a Discovery/Vulnerability scan, we search for these keywords in the internal links and report all the unique links that contain the specified keywords in the Get Finding Details API output under information gathered QID 150141. Note that we show the crawled links under QID 150009.

enhancedCrawling (boolean) Improve scan coverage for your web application with the enhanced crawling enabled. We will re-crawl individual directories present in the links which are found during crawling.

    For example, if the following link is found during crawling:

    https://www.example.com/foo/abc/xyz/register.php

    If the enhanced crawling is enabled, it will first make a request to https://www.example.com/foo/abc/xyz

    and will then remove the directory "xyz/" from the URL and crawl https://www.example.com/foo/abc/

    and later it will further remove "abc/" and will crawl https://www.example.com/foo/.

    All the links found during this process of removal and re-crawling will get added to the crawl queue, thus improving the scan coverage.

comments User-defined comments.
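
The range and mutual-exclusion rules in the reference above can be checked on a request file before it is posted. The following Python sketch is an added example, not Qualys code: the function names and both sample requests are constructed here, and it assumes that included and excluded search lists together count as one CUSTOM selector, as in the "multiple settings" sample.

```python
import xml.etree.ElementTree as ET

VALID_SCOPES = ("CORE", "EVERYTHING")


def load_profile(xml_text):
    """Return the <OptionProfile> element of a ServiceRequest, or None."""
    return ET.fromstring(xml_text).find("./data/OptionProfile")


def implied_detection_scopes(profile):
    """Every detection scope selected by the children of <detection>."""
    scopes = set()
    det = profile.find("detection")
    if det is None:
        return scopes
    if det.find("detectionScope") is not None:
        scopes.add((det.findtext("detectionScope") or "").strip())
    # Assumption: included + excluded search lists are one CUSTOM selector.
    if (det.find("includedSearchLists") is not None
            or det.find("excludedSearchLists") is not None):
        scopes.add("CUSTOM")
    if det.find("detectionCategories") is not None:
        scopes.add("CATEGORY")
    if (det.findtext("xssPowerMode") or "").strip().lower() == "true":
        scopes.add("XSS")
    return scopes


def check_range(profile, path, low, high, findings):
    """Record a finding when the element at path is not an integer in range."""
    text = profile.findtext(path)
    if text is None:          # element not sent, nothing to check
        return
    text = text.strip()
    if not text.isdecimal() or not low <= int(text) <= high:
        findings.append(f"{path}: {text!r} is outside the valid range {low}-{high}")


def lint_option_profile(xml_text):
    """Return a list of rule violations; an empty list means none were found."""
    profile = load_profile(xml_text)
    if profile is None:
        return ["request has no <data><OptionProfile> element"]
    findings = []
    if (profile.find("performance") is not None
            and profile.find("customPerformance") is not None):
        findings.append("performance and customPerformance are mutually exclusive")
    check_range(profile, "customPerformance/numOfHttpThreads", 1, 10, findings)
    check_range(profile, "customPerformance/delayBetweenRequests", 0, 2000, findings)
    scopes = implied_detection_scopes(profile)
    if len(scopes) > 1:
        findings.append("detection selects more than one scope: "
                        + ", ".join(sorted(scopes)))
    declared = profile.findtext("detection/detectionScope")
    if declared is not None and declared.strip() not in VALID_SCOPES:
        findings.append(f"detectionScope {declared.strip()!r} is not CORE or EVERYTHING")
    return findings


# Constructed sample: valid custom intensity, single detection selector.
GOOD_REQUEST = """<ServiceRequest><data><OptionProfile>
<customPerformance>
<numOfHttpThreads>10</numOfHttpThreads>
<delayBetweenRequests>20</delayBetweenRequests>
</customPerformance>
<detection><detectionScope>EVERYTHING</detectionScope></detection>
</OptionProfile></data></ServiceRequest>"""

# Constructed sample: breaks four of the rules stated in the reference.
BAD_REQUEST = """<ServiceRequest><data><OptionProfile>
<performance>HIGH</performance>
<customPerformance>
<numOfHttpThreads>18</numOfHttpThreads>
<delayBetweenRequests>5000</delayBetweenRequests>
</customPerformance>
<detection>
<detectionScope>EVERYTHING</detectionScope>
<detectionCategories><set><DetectionCategory>
<name>SQL Injection</name>
</DetectionCategory></set></detectionCategories>
</detection>
</OptionProfile></data></ServiceRequest>"""

if __name__ == "__main__":
    for label, request in (("good", GOOD_REQUEST), ("bad", BAD_REQUEST)):
        print(label, lint_option_profile(request))
```

A request that mixes detection selectors is worth catching before it is sent, since which scope the scan ends up with decides which vulnerabilities it can report.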


DNS Override 


DNS Override Count 
/qps/rest/3.0/count/was/dnsoverride/


[GET] [POST] 


Returns the total number of DNS overrides in the user’s scope. Input elements
are optional and are used to filter the number of DNS overrides included in
the count.


Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access”. The count
includes web applications in the user's scope.


Input Parameters


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 


Click here for available operators 


Parameter Description

id (integer) The ID of the DNS override.

name (text) The name given to the DNS override.

tags Filter by tags applied.

tags.id (integer) ID of the tag assigned to DNS override.

tags.name (text) Tag name assigned to DNS override.

createdDate (date) The date when the DNS override was created in WAS, in UTC date/time format.

updatedDate (date) The date when the DNS override was updated in WAS, in UTC date/time format.

owner.id (Long with operator: EQUALS, IN, NOT EQUALS, GREATER or LESSER) ID of the owner who created the DNS override.

owner.name (text) Full name of the user who created the DNS override.

owner.username (text) Username of the owner who created the DNS override (like user_ab3).


Sample - Count (POST) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/count/was/dnsoverride/" < file.xml

Note: "file.xml" contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">Test API</Criteria>
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/dnsoverride.xsd">
<responseCode>SUCCESS</responseCode> 

<count>6</count> 
</ServiceResponse> 


XSD 


<platform API server>/qps/xsd/3.0/was/dnsoverride.xsd 


Search DNS Override 
/qps/rest/3.0/search/was/dnsoverride/


[POST] 


Returns a list of DNS overrides which are in the user’s scope. Action logs are 
not included in the output. 


Permissions required - User must have WAS module enabled. User account
must have these permissions: Access Permission “API Access”. The Output
includes DNS overrides in the user's scope.


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 


Click here for available operators 


Parameter Description

id (integer) The ID of the DNS override.

name (text) The name given to the DNS override.

tags Filter by tags applied.

tags.id (integer) ID of the tag assigned to DNS override.

tags.name (text) Tag name assigned to DNS override.

createdDate (date) The date when the DNS override was created in WAS, in UTC date/time format.

updatedDate (date) The date when the DNS override was updated in WAS, in UTC date/time format.

owner.id (Long with operator: EQUALS, IN, NOT EQUALS, GREATER or LESSER) ID of the owner who created the DNS override.

owner.name (text) Full name of the user who created the DNS override.

owner.username (text) Username of the owner who created the DNS override (like user_ab3).


Sample - Search - criteria (POST) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/get/was/dnsoverride/" < file.xml

Note: "file.xml" contains the request POST data. 


Request POST data 


<ServiceRequest> 
<filters> 
<Criteria field="name" operator="CONTAINS">Test API</Criteria>
</filters> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/xsd/3.0/was/dnsoverride.xsd">
<responseCode>SUCCESS</responseCode>
<count>6</count>
<hasMoreRecords>false</hasMoreRecords>
<data>
<DnsOverride>
<id>56420</id>
<name>
<![CDATA[Test API DNS Record]]>
</name>
<owner>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<tags>
<count>0</count>
</tags>
<createdDate>2019-08-12T13:33:04Z</createdDate>
<updatedDate>2019-08-12T13:33:04Z</updatedDate>
</DnsOverride>
<DnsOverride>
<id>56422</id>
<name>
<![CDATA[Test API Dns Record1]]>
</name>
<owner>
<id>1056860</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<tags>
<count>0</count>
</tags>
<createdDate>2019-08-12T13:58:59Z</createdDate>
<updatedDate>2019-08-12T13:58:59Z</updatedDate>
</DnsOverride>
<DnsOverride>
<id>56423</id>
<name>
<![CDATA[Test API Dns Record2]]>
</name>
<owner>
<id>1056860</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<tags>
<count>2</count>
</tags>
<createdDate>2019-08-12T15:30:24Z</createdDate>
<updatedDate>2019-08-12T15:30:30Z</updatedDate>
</DnsOverride>
<DnsOverride>
<id>56621</id>
<name>
<![CDATA[Test API Dns Record3]]>
</name>
<owner>
<id>1056860</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<tags>
<count>2</count>
</tags>
<createdDate>2019-08-12T23:03:53Z</createdDate>
<updatedDate>2019-08-12T23:03:59Z</updatedDate>
</DnsOverride>
<DnsOverride>
<id>56820</id>
<name>
<![CDATA[Test API Dns Record3-Updated]]>
</name>
<owner>
<id>1056860</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<tags>
<count>0</count>
</tags>
<createdDate>2019-08-13T00:07:37Z</createdDate>
<updatedDate>2019-08-16T14:10:18Z</updatedDate>
</DnsOverride>
<DnsOverride>
<id>57020</id>
<name>
<![CDATA[Test API Dns Record4]]>
</name>
<owner>
<id>1056860</id>
<username>user_john</username>
<firstName><![CDATA[John]]></firstName>
<lastName><![CDATA[Doe]]></lastName>
</owner>
<tags>
<count>1</count>
</tags>
<createdDate>2019-08-19T16:25:05Z</createdDate>
<updatedDate>2019-08-22T12:35:48Z</updatedDate>
</DnsOverride>
</data>
</ServiceResponse>


XSD 


<platform API server>/qps/xsd/3.0/was/dnsoverride.xsd 


Get DNS Override Details 

/qps/rest/3.0/get/was/dnsoverride/<id> 

[GET] 

View details for a DNS override which is in the user’s scope. See “Search
DNS overrides” to find a record ID to use as input.

Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. The Output 
includes DNS overrides in the user's scope. 

Input Parameters 

The element “id” (integer) is required, where “id” identifies a DNS override.


Click here for available operators 


Sample - Get details of a DNS override (GET)


Let us fetch details of DNS override. Ensure that you do not add any data or 
filter in the request. 


API request 


curl -u "USERNAME:PASSWORD" -X GET -H "Content-type: text/xml" "https://qualysapi.qualys.com/qps/rest/3.0/get/was/dnsoverride/57020"


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/dnsoverride.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<DnsOverride> 
<id>57020</id> 
<name> 
<![CDATA[Test API DNS Record4]]>
</name> 


<mappings> 
<count>3</count> 
<list> 
<DnsMapping> 
<hostName>host_1</hostName> 
<ipAddress>1.2.3.7</ipAddress> 
</DnsMapping> 
<DnsMapping> 
<hostName>host_2</hostName> 
<ipAddress>1.2.3.5</ipAddress> 
</DnsMapping> 
<DnsMapping> 
<hostName>host_3</hostName> 
<ipAddress>1.2.3.5</ipAddress> 
</DnsMapping> 
</list> 
</mappings> 
</DnsOverride> 
</data> 
</ServiceResponse> 


Create DNS Override 
/qps/rest/3.0/create/was/dnsoverride


[POST] 


Create a new DNS Override. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. 


Input Parameters 


The elements “name” (text) and “mappings” are required, where “name” is the
name of the DNS override.


Click here for available operators 


Parameter Description

name (text) The name given to the DNS override.

DnsMapping (keyword) Use to configure the DNS override setting through API. You need to specify the hostname or FQDN and the corresponding IP address to be preferred for scanning.

    Example:

    <set>
    <DnsMapping>
    <hostName>test</hostName>
    <ipAddress>2.3.4.5</ipAddress>
    </DnsMapping>
    </set>

    When you create a new DNS override, ensure:

    - Name (Required): Name should be unique.

    - Tags: The tag id should be valid and in scope of current user. Use only <Set> tag.

    - Mappings (Required): Each mapping must have hostName and ipAddress in valid format. Use only <Set> tag.

    - Comments: Only <Set> with 1 comment is allowed with maximum length 2048 characters.


Sample - Create DNS Override (POST) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/create/was/dnsoverride/" < file.xml

Note: "file.xml" contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<DnsOverride> 
<name><![CDATA[DNS Record]]></name>
<mappings> 
<set> 
<DnsMapping> 
<hostName>host_1</hostName> 
<ipAddress>2.3.4.5</ipAddress> 
</DnsMapping> 
<DnsMapping> 
<hostName>host_2</hostName> 
<ipAddress>1.2.3.4</ipAddress> 
</DnsMapping> 
</set> 
</mappings> 
<tags> 
<set> 
<Tag> 
<id>8993614</id> 


</Tag> 
<Tag> 
<id>8876615</id> 
</Tag> 
</set> 
</tags> 
</DnsOverride> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8" ?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/dnsoverride.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<DnsOverride> 
<id>57220</id> 
<name> 
<![CDATA[DNS Record]]>
</name> 


<mappings> 
<count>2</count> 
<list> 
<DnsMapping> 
<hostName>host_1</hostName> 
<ipAddress>2.3.4.5</ipAddress> 
</DnsMapping> 
<DnsMapping> 
<hostName>host_2</hostName> 
<ipAddress>1.2.3.4</ipAddress> 
</DnsMapping> 
</list>
</mappings> 
</DnsOverride> 
</data> 
</ServiceResponse> 


Update a DNS Override


/qps/rest/3.0/update/was/dnsoverride


[POST]


Update a DNS override which is in the user's scope.


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. 


Input Parameters 


Click here for available operators 


Parameter Description

name (text) The name given to the DNS override.

DnsMapping (keyword) Use to configure the DNS override setting through API. You need to specify the hostname or FQDN and the corresponding IP address to be preferred for scanning.

    Example:

    <set>
    <DnsMapping>
    <hostName>test</hostName>
    <ipAddress>2.3.4.5</ipAddress>
    </DnsMapping>
    </set>

    When you update a DNS override, ensure:

    - Name: In case of name update, the updated name should be unique.

    - Id is required.

    - At least one of the following should be present other than id: Name, owner, tags, comments, mappings

    - Tags: The <set> and <Add>/<Removed> tags are mutually exclusive. Either use <set> or <Add> and <Removed>.

    - Mappings: The <set> and <Add>/<Removed> tags are mutually exclusive. Either use <set> or <Add> and <Removed>.
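
The create and update rules listed for DNS overrides can be checked offline before a request is sent. Because a mapping tells the scanner which IP address to prefer for a host, a malformed or mistyped entry changes what gets scanned. The Python sketch below is an added example, not Qualys code: its function names and sample requests are constructed, it uses the lowercase <add>/<remove> element names that appear in the sample request, and it assumes comments use the <comments><set><Comment><contents> layout of the option profile sample. Name uniqueness, tag scope and the id need the server and are not checked.

```python
import ipaddress
import xml.etree.ElementTree as ET

UPDATABLE = ("name", "owner", "tags", "comments", "mappings")


def _text(node, tag):
    return (node.findtext(tag) or "").strip()


def _check_mappings(mappings, findings):
    """Each DnsMapping needs a hostName and a syntactically valid ipAddress."""
    for op in ("set", "add", "remove"):
        for n, m in enumerate(mappings.findall(f"{op}/DnsMapping"), 1):
            if not _text(m, "hostName"):
                findings.append(f"mappings/{op} #{n}: hostName is missing")
            ip = _text(m, "ipAddress")
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                findings.append(f"mappings/{op} #{n}: ipAddress {ip!r} is not a valid IP")


def _has_delta(node):
    return node.find("add") is not None or node.find("remove") is not None


def lint_dns_override(xml_text, mode):
    """Return rule violations for a create or update ServiceRequest."""
    if mode not in ("create", "update"):
        raise ValueError("mode must be 'create' or 'update'")
    record = ET.fromstring(xml_text).find("./data/DnsOverride")
    if record is None:
        return ["request has no <data><DnsOverride> element"]
    findings = []
    mappings, tags = record.find("mappings"), record.find("tags")
    containers = (("mappings", mappings), ("tags", tags))
    if mode == "create":
        if not _text(record, "name"):
            findings.append("name is required")
        if mappings is None or not mappings.findall("set/DnsMapping"):
            findings.append("mappings is required and must be given in <set>")
        for label, node in containers:
            if node is not None and _has_delta(node):
                findings.append(f"{label}: use only <set> on create")
        comments = record.findall("comments/set/Comment")
        if len(comments) > 1:
            findings.append("comments: only one comment is allowed")
        if any(len(_text(c, "contents")) > 2048 for c in comments):
            findings.append("comments: maximum length is 2048 characters")
    else:
        if not any(record.find(t) is not None for t in UPDATABLE):
            findings.append("update needs at least one of: " + ", ".join(UPDATABLE))
        for label, node in containers:
            if node is not None and node.find("set") is not None and _has_delta(node):
                findings.append(f"{label}: <set> cannot be combined with <add>/<remove>")
    if mappings is not None:
        _check_mappings(mappings, findings)
    return findings


def _mapping(host, ip):
    return f"<DnsMapping><hostName>{host}</hostName><ipAddress>{ip}</ipAddress></DnsMapping>"


def _request(body):
    return f"<ServiceRequest><data><DnsOverride>{body}</DnsOverride></data></ServiceRequest>"


# Constructed samples, modelled on the request layout shown on this page.
CREATE_OK = _request(
    "<name><![CDATA[DNS Record]]></name>"
    f"<mappings><set>{_mapping('host_1', '2.3.4.5')}{_mapping('host_2', '1.2.3.4')}</set></mappings>"
    "<tags><set><Tag><id>8993614</id></Tag></set></tags>")
CREATE_BAD = _request(
    f"<mappings><add>{_mapping('host_1', '1.2.3.256')}</add></mappings>")
UPDATE_OK = _request(
    f"<mappings><remove>{_mapping('host_1', '1.2.3.4')}</remove>"
    f"<add>{_mapping('host_3', '1.2.3.5')}</add></mappings>")
UPDATE_MIXED = _request(
    f"<mappings><set>{_mapping('host_1', '2.3.4.5')}</set>"
    f"<add>{_mapping('host_3', '1.2.3.5')}</add></mappings>")

if __name__ == "__main__":
    for label, req, mode in (("create ok", CREATE_OK, "create"),
                             ("create bad", CREATE_BAD, "create"),
                             ("update ok", UPDATE_OK, "update"),
                             ("update mixed", UPDATE_MIXED, "update")):
        print(label, lint_dns_override(req, mode))
```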


Sample - Update DNS Override (POST) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/3.0/update/was/dnsoverride/" < file.xml

Note: "file.xml" contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<DnsOverride> 
<name><![CDATA[DNS Record]]></name>
<mappings> 
<set> 
<DnsMapping> 
<hostName>host_1</hostName> 
<ipAddress>2.3.4.5</ipAddress> 
</DnsMapping> 
<DnsMapping> 
<hostName>host_2</hostName> 
<ipAddress>1.2.3.4</ipAddress> 
</DnsMapping> 
</set> 
</mappings> 
<tags> 
<set> 
<Tag> 
<id>8993614</id> 
</Tag> 


<Tag> 
<id>8876615</id> 
</Tag> 
</set> 
</tags> 
</DnsOverride> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/dnsoverride.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<DnsOverride> 
<id>57020</id> 
</DnsOverride> 
</data> 
</ServiceResponse> 


Sample - Update DNS Override (using add and remove tag) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/update/was/dnsoverride/" < file.xml

Note: "file.xml" contains the request POST data. 


Request POST data 


<ServiceRequest> 
<data> 
<DnsOverride> 
<name><![CDATA[DNS Record]]></name>
<mappings> 
<remove> 
<DnsMapping> 
<hostName>host_1</hostName> 
<ipAddress>1.2.3.4</ipAddress> 
</DnsMapping> 


<DnsMapping> 
<hostName>host_2</hostName> 
<ipAddress>1.2.3.6</ipAddress> 
</DnsMapping> 
</remove> 
<add> 
<DnsMapping> 
<hostName>host_3</hostName> 
<ipAddress>1.2.3.5</ipAddress> 
</DnsMapping> 
<DnsMapping> 
<hostName>host_4</hostName> 
<ipAddress>1.2.3.7</ipAddress> 
</DnsMapping> 
</add> 
</mappings> 
<tags> 
<set> 
<Tag> 
<id>8993614</id> 
</Tag> 
<Tag> 
<id>8876615</id> 
</Tag> 
</set> 
</tags> 
</DnsOverride> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/dnsoverride.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<DnsOverride> 
<id>57020</id> 
</DnsOverride> 
</data> 
</ServiceResponse> 


Delete DNS Override 


/qps/rest/3.0/delete/was/dnsoverride


[POST] 


Delete a DNS override that is in the user’s scope. 


Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access”. 


Input Parameters 


Optional elements are used to retrieve DNS overrides to delete. When 
multiple elements are specified, parameters are combined using a logical 
AND. All dates must be entered in UTC date/time format. 


Click here for available operators 


Parameter Description


id (integer) The ID of the DNS override.


name (text) The name given to the DNS override.


tags Filter by tags applied.


tags.id (integer) ID of the tag assigned to DNS override.


tags.name (text) Tag name assigned to DNS override.


createdDate (date) The date when the DNS override was created in
WAS, in UTC date/time format.


updatedDate (date) The date when the DNS override was updated
in WAS, in UTC date/time format.


owner.id (Long with operator: EQUALS, IN, NOT EQUALS,
GREATER or LESSER) ID of the owner who created the
DNS override.


owner.name (text) Full name of the user who created the DNS
override.


owner.username (text) Username of the owner who created the DNS
override (like user_ab3).


Sample - Delete specific DNS override (POST) 


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/delete/was/dnsoverride/" < file.xml

Note: "file.xml" contains the request POST data. 


Request POST Data 


<ServiceRequest> 
<filters> 
<Criteria field="id" operator="EQUALS">57020</Criteria> 
</filters> 
<data> 
<DnsOverride> 
<id>57220</id> 
</DnsOverride> 
</data> 
</ServiceRequest> 


XML response 


<?xml version="1.0" encoding="UTF-8"?> 
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://qualysapi.qualys.com/qps/xsd/3.0/was/dnsoverride.xsd">
<responseCode>SUCCESS</responseCode> 
<count>1</count> 
<data> 
<DnsOverride> 
<id>57220</id> 
</DnsOverride> 
</data> 


</ServiceResponse> 


Reference: DNS Override 


The <OptionProfile> element includes sub elements used to define an option 
profile. A reference of these elements is provided below. An asterisk * 
indicates a complex element. 


Parameter Description


id (integer) The ID of the DNS override.


name (text) The name given to the DNS override.


tags Filter by tags applied.


tags.id (integer) ID of the tag assigned to DNS override.


tags.name (text) Tag name assigned to DNS override.


createdDate (date) The date when the DNS override was created in
WAS, in UTC date/time format.


updatedDate (date) The date when the DNS override was updated in
WAS, in UTC date/time format.


owner.id (Long with operator: EQUALS, IN, NOT EQUALS,
GREATER or LESSER) ID of the owner who created the
DNS override.


owner.name (text) Full name of the user who created the DNS
override.


owner.username (text) Username of the owner who created the DNS
override (like user_ab5).


DnsMapping (keyword) Use to configure the DNS override setting through API.
You need to specify the hostname or FQDN and the
corresponding IP address to be preferred for scanning.


Example:


<set>
<DnsMapping>
<hostName>test</hostName>
<ipAddress>2.3.4.5</ipAddress>
</DnsMapping>
</set>


When you create a new DNS override, ensure:


- Name (Required): Name should be unique.


- Tags: The tag id should be valid and in scope of
current user. Use only <Set> tag.


- Mappings (Required): Each mapping must have
hostName and ipAddress in valid format. Use only
<Set> tag.


- Comments: Only <Set> with 1 comment is allowed with
maximum length 2048 characters.


When you update a DNS override, ensure:


- Name: In case of a name update, the updated name
should be unique.


- Id is required.


- At least one of the following should be present other
than id: Name, owner, tags, comments, mappings.


- Tags: The <set> and <Add>/<Removed> tags are
mutually exclusive. Either use <set> or <Add> and
<Removed>.


- Mappings: The <set> and <Add>/<Removed> tags are
mutually exclusive. Either use <set> or <Add> and
<Removed>.
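

The create and update rules listed above can be checked locally before a request is sent. The following validator is an added example, not Qualys code. It assumes the id is carried as an <id> element inside <DnsOverride>, that "valid format" means a DNS-style name and an IP literal, and that each child of <comments><set> is one comment; the page states none of these details.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Assumed "valid format" for hostName: dot-separated labels of letters, digits,
# hyphen or underscore (the page's samples use names such as host_1).
_LABEL = re.compile(r"^[A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?$")
UPDATABLE = ("name", "owner", "tags", "comments", "mappings")
MAX_COMMENT_LEN = 2048


def _valid_host(host):
    if not host or len(host) > 253:
        return False
    return all(_LABEL.match(label) for label in host.rstrip(".").split("."))


def _valid_ip(address):
    try:
        ipaddress.ip_address(address)  # accepts IPv4 and IPv6 literals
        return True
    except ValueError:
        return False


def validate_dns_override(xml_text, mode="update"):
    """Return the list of rule violations in a create or update ServiceRequest."""
    override = ET.fromstring(xml_text).find("./data/DnsOverride")
    if override is None:
        return ["ServiceRequest/data/DnsOverride is missing"]
    errors = []
    present = {child.tag for child in override}

    if mode == "update":
        # Assumption: the id travels as <id> inside <DnsOverride>.
        if not (override.findtext("id") or "").strip().isdigit():
            errors.append("id: required for update")
        if not present & set(UPDATABLE):
            errors.append("update: nothing to change besides id")
    else:
        if not (override.findtext("name") or "").strip():
            errors.append("name: required for create")
        if "mappings" not in present:
            errors.append("mappings: required for create")

    for section in ("tags", "mappings", "comments"):
        node = override.find(section)
        if node is None:
            continue
        # Tag names are compared case-insensitively: the rules spell them
        # <Add>/<Removed>, the sample request uses <add>/<remove>.
        ops = {child.tag.lower() for child in node}
        if mode == "create" and ops - {"set"}:
            errors.append(f"{section}: only <set> is allowed on create")
        elif section != "comments" and "set" in ops and ops & {"add", "remove", "removed"}:
            errors.append(f"{section}: <set> cannot be combined with <add>/<remove>")

    for mapping in override.iter("DnsMapping"):
        host = (mapping.findtext("hostName") or "").strip()
        address = (mapping.findtext("ipAddress") or "").strip()
        if not _valid_host(host):
            errors.append(f"mappings: invalid hostName {host!r}")
        if not _valid_ip(address):
            errors.append(f"mappings: invalid ipAddress {address!r}")

    # The page does not show the comment markup, so each child of
    # <comments><set> is treated as one comment (assumption).
    comments_node = override.find("comments")
    for comment_set in ([] if comments_node is None else list(comments_node)):
        if comment_set.tag.lower() != "set":
            continue
        comments = list(comment_set)
        if len(comments) > 1:
            errors.append("comments: only one comment is allowed")
        if any(len("".join(c.itertext())) > MAX_COMMENT_LEN for c in comments):
            errors.append(f"comments: longer than {MAX_COMMENT_LEN} characters")
    return errors


# Constructed request: mixes <set> with <add> and carries a malformed address.
MIXED_UPDATE = """<ServiceRequest><data><DnsOverride>
<id>57020</id>
<mappings>
<set><DnsMapping><hostName>host_1</hostName><ipAddress>2.3.4.5</ipAddress></DnsMapping></set>
<add><DnsMapping><hostName>host_3</hostName><ipAddress>1.2.3.999</ipAddress></DnsMapping></add>
</mappings>
</DnsOverride></data></ServiceRequest>"""

if __name__ == "__main__":
    for problem in validate_dns_override(MIXED_UPDATE):
        print(problem)
```

Run against the page's own update samples, the validator reports the missing id, because those request bodies do not show where the id is supplied.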


Burp 


Import Burp Issues 

/qps/rest/3.0/import/was/burp

[POST]

Imports Burp scan reports and stores the findings discovered by the Burp Suite
scanner with those discovered by WAS. You can import Burp reports to
manage your Burp findings with WAS.

Permissions required - User must have WAS module enabled. User account 
must have these permissions: Access Permission “API Access” and WAS 
Permission “Import Burp Report”. 


Input Parameters 


These elements are optional and act as filters. When multiple elements are 
specified, parameters are combined using a logical AND. 


Click here for available operators 


Parameter Description


webAppId (integer) The web application ID. This element is assigned
by the service and required for an update request.


purgeResults (boolean) Set to false to indicate if all previous issues for
the web application should be retained. By default, it is
set to false.


Example: <purgeResults>false</purgeResults>


closeUnreportedIssues (boolean) Set to false to indicate if all previous issues for
the web application should be marked as fixed and
should not be reported. By default, it is set to false.


Example: <closeUnreportedIssues>false</closeUnreportedIssues>


fileName (text) Name of the Burp XML file to be imported. If name
is not specified, default format for the file name is
API-ImportBurp-dd-mmm-yy hh:mm:ss


Sample - Import Burp Report 


Let us import a Burp report for web application with webAppId equal to
1052902. To import the Burp report, you need to specify the webAppId and
then paste the contents of the Burp results (XML) file in <burpXml> tag.


API request 


curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" \
--data-binary @- \
"https://qualysapi.qualys.com/qps/rest/3.0/import/was/burp" < file.xml

Note: "file.xml" contains the request POST data.


Request POST data 


<ServiceRequest>
<data>
<webAppId>1524084</webAppId>
<purgeResults>false</purgeResults>
<closeUnreportedIssues>false</closeUnreportedIssues>
<fileName>testBurpReportImport</fileName>
<burpXml><?xml version="1.0"?>
<!DOCTYPE issues [
<!ELEMENT issues (issue*)>
<!ATTLIST issues burpVersion CDATA "">
<!ATTLIST issues exportTime CDATA "">
<!ELEMENT issue (serialNumber, type, name, host, path, location,
severity, confidence, issueBackground?, remediationBackground?,
references?, vulnerabilityClassifications?, issueDetail?,
issueDetailItems?, remediationDetail?, requestresponse*,
collaboratorEvent*, infiltratorEvent*, staticAnalysis*,
dynamicAnalysis*)>
<!ELEMENT serialNumber (#PCDATA)>
<!ELEMENT type (#PCDATA)>
<!ELEMENT name (#PCDATA)>
<!ELEMENT host (#PCDATA)>
<!ATTLIST host ip CDATA "">
<!ELEMENT path (#PCDATA)>
<!ELEMENT location (#PCDATA)>
<!ELEMENT severity (#PCDATA)>
<!ELEMENT confidence (#PCDATA)>
<!ELEMENT issueBackground (#PCDATA)>
<!ELEMENT remediationBackground (#PCDATA)>
<!ELEMENT references (#PCDATA)>
<!ELEMENT vulnerabilityClassifications (#PCDATA)>
<!ELEMENT issueDetail (#PCDATA)>
<!ELEMENT issueDetailItems (issueDetailItem*)>
<!ELEMENT issueDetailItem (#PCDATA)>
<!ELEMENT remediationDetail (#PCDATA)>
<!ELEMENT requestresponse (request?, response?, responseRedirected?)>
<!ELEMENT request (#PCDATA)>
<!ATTLIST request method CDATA "">
<!ATTLIST request base64 (true|false) "false">
<!ELEMENT response (#PCDATA)>
<!ATTLIST response base64 (true|false) "false">
<!ELEMENT responseRedirected (#PCDATA)>
<!ELEMENT sender (#PCDATA)>
<!ELEMENT message (#PCDATA)>
<!ELEMENT conversation (#PCDATA)>
<!ELEMENT recipient (#PCDATA)>
<!ELEMENT recipients (recipient*)>
<!ELEMENT smtp (sender, recipients, message, conversation)>
<!ELEMENT collaboratorEvent (interactionType, originIp, time,
lookupType?, lookupHost?, requestresponse?, smtp?)>
<!ELEMENT interactionType (#PCDATA)>
<!ELEMENT originIp (#PCDATA)>
<!ELEMENT time (#PCDATA)>
<!ELEMENT lookupType (#PCDATA)>
<!ELEMENT lookupHost (#PCDATA)>
<!ELEMENT infiltratorEvent (parameterName, platform, signature,
stackTrace?, parameterValue?, collaboratorEvent)>
<!ELEMENT parameterName (#PCDATA)>
<!ELEMENT platform (#PCDATA)>
<!ELEMENT signature (#PCDATA)>
<!ELEMENT stackTrace (#PCDATA)>
<!ELEMENT parameterValue (#PCDATA)>
<!ELEMENT dynamicAnalysis (source, sink, sourceStackTrace,
sinkStackTrace, eventListenerStackTrace, sourceValue, sinkValue,
eventHandlerData, eventHandlerDataType, eventHandlerManipulatedData,
poc, origin, isOriginChecked, sourceElementId, sourceElementName,
eventFiredEventName, eventFiredElementId, eventFiredElementName,
eventFiredOuterHtml)>
<!ELEMENT staticAnalysis (source, sink, codeSnippets)>
<!ELEMENT source (#PCDATA)>
<!ELEMENT sink (#PCDATA)>
<!ELEMENT sourceStackTrace (#PCDATA)>
<!ELEMENT sinkStackTrace (#PCDATA)>
<!ELEMENT eventListenerStackTrace (#PCDATA)>
<!ELEMENT sourceValue (#PCDATA)>
<!ELEMENT sinkValue (#PCDATA)>
<!ELEMENT eventHandlerData (#PCDATA)>
<!ELEMENT eventHandlerDataType (#PCDATA)>
<!ELEMENT sourceElementId (#PCDATA)>
<!ELEMENT sourceElementName (#PCDATA)>
<!ELEMENT eventFiredEventName (#PCDATA)>
<!ELEMENT eventFiredElementId (#PCDATA)>
<!ELEMENT eventFiredElementName (#PCDATA)>
<!ELEMENT eventFiredOuterHtml (#PCDATA)>
<!ELEMENT eventHandlerManipulatedData (#PCDATA)>
<!ELEMENT poc (#PCDATA)>
<!ELEMENT origin (#PCDATA)>
<!ELEMENT isOriginChecked (#PCDATA)>
<!ELEMENT codeSnippets (codeSnippet*)>
<!ELEMENT codeSnippet (#PCDATA)>
]>
<issues burpVersion="2.8.28beta" exportTime="Wed May 29 08:45:42 CDT 2019">
<issue>
<serialNumber>5018346890832155648</serialNumber>
<type>16777728</type>
<name><![CDATA[Unencrypted communications]]></name>
<host ip="172.217.164.116">http://google-gruyere.appspot.com</host>
<path><![CDATA[/]]></path>
<location><![CDATA[/]]></location>
<severity>Low</severity> 
<confidence>Certain</confidence> 
<issueBackground><![CDATA[<p>The application allows users to 
connect to it over unencrypted connections. An attacker suitably 
positioned to view a legitimate user's network traffic could record 
and monitor their interactions with the application and obtain any 
information the user supplies. Furthermore, an attacker able to modify 
traffic could use the application as a platform for attacks against 
its users and third-party websites. Unencrypted connections have been 
exploited by ISPs and governments to track users, and to inject 
adverts and malicious JavaScript. Due to these concerns, web browser 
vendors are planning to visually flag unencrypted connections as 
hazardous.</p> 
<p>
To exploit this vulnerability, an attacker must be suitably positioned
to eavesdrop on the victim's network traffic. This scenario typically
occurs when a client communicates with the server over an insecure
connection such as public Wi-Fi, or a corporate or home network that
is shared with a compromised computer. Common defenses such as
switched networks are not sufficient to prevent this. An attacker
situated in the user's ISP or the application's hosting infrastructure 
could also perform this attack. Note that an advanced adversary could 
potentially target any connection made over the Internet's core 
infrastructure. 
</p> 
<p>Please note that using a mixture of encrypted and unencrypted 
communications is an ineffective defense against active attackers, 
because they can easily remove references to encrypted resources when 
these references are transmitted over an unencrypted 
connection.</p>]]></issueBackground> 

<remediationBackground><![CDATA[<p>Applications should use 
transport-level encryption (SSL/TLS) to protect all communications 
passing between the client and the server. The Strict-Transport-Security
HTTP header should be used to ensure that clients refuse to
access the server over an insecure 
connection.</p>]]></remediationBackground> 

<references><![CDATA[<ul>
<li><a href="https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure">Marking HTTP as non-secure</a></li>
<li><a
href="https://wiki.mozilla.org/Security/Server_Side_TLS">Configuring
Server-Side SSL/TLS</a></li>
<li><a href="https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security">HTTP Strict
Transport Security</a></li>
</ul>]]></references>

<vulnerabilityClassifications><![CDATA[<ul> 
<li><a href="https://cwe.mitre.org/data/definitions/326.html">CWE-326: 
Inadequate Encryption Strength</a></li> 
</ul>]]></vulnerabilityClassifications> 

</issue> 
<issue> 

<serialNumber>5761124851012705280</serialNumber> 

<type>2097920</type> 

<name><![CDATA[Cross-site scripting (reflected) ]]></name> 

<host ip="172.217.164.116">http://google-gruyere.appspot.com</host>

<path><![CDATA[/922324844025/login]]></path>

<location><![CDATA[/922324844025/login [URL path filename]]]></location>


<severity>High</severity> 

<confidence>Certain</confidence> 

<issueBackground><![CDATA[<p>Reflected cross-site scripting 
vulnerabilities arise when data is copied from a request and echoed 
into the application's immediate response in an unsafe way. An 
attacker can use the vulnerability to construct a request that, if 
issued by another application user, will cause JavaScript code 
supplied by the attacker to execute within the user's browser in the 
context of that user's session with the application.</p> 
<p>The attacker-supplied code can perform a wide variety of actions, 
such as stealing the victim's session token or login credentials, 
performing arbitrary actions on the victim's behalf, and logging their 
keystrokes.</p> 
<p>Users can be induced to issue the attacker's crafted request in 
various ways. For example, the attacker can send a victim a link 
containing a malicious URL in an email or instant message. They can 
submit the link to popular web sites that allow content authoring, for 
example in blog comments. And they can create an innocuous looking web 
site that causes anyone viewing it to make arbitrary cross-domain 
requests to the vulnerable application (using either the GET or the 
POST method).</p>
<p>The security impact of cross-site scripting vulnerabilities is 
dependent upon the nature of the vulnerable application, the kinds of 
data and functionality that it contains, and the other applications 
that belong to the same domain and organization. If the application is 
used only to display non-sensitive public content, with no 
authentication or access control functionality, then a cross-site 
scripting flaw may be considered low risk. However, if the same 
application resides on a domain that can access cookies for other more 
security-critical applications, then the vulnerability could be used 
to attack those other applications, and so may be considered high 
risk. Similarly, if the organization that owns the application is a 
likely target for phishing attacks, then the vulnerability could be 
leveraged to lend credibility to such attacks, by injecting Trojan 
functionality into the vulnerable application and exploiting users' 
trust in the organization in order to capture credentials for other 
applications that it owns. In many kinds of application, such as those 
providing online banking functionality, cross-site scripting should 
always be considered high risk. </p>]]></issueBackground> 

<remediationBackground><![CDATA[<p>In most situations where
user-controllable data is copied into application responses, cross-site
scripting attacks can be prevented using two layers of defenses:</p>
<ul>
<li>Input should be validated as strictly as possible on arrival,
given the kind of content that it is expected to contain. For example,
personal names should consist of alphabetical and a small range of
typographical characters, and be relatively short; a year of birth
should consist of exactly four numerals; email addresses should match
a well-defined regular expression. Input which fails the validation
should be rejected, not sanitized.</li>
<li>User input should be HTML-encoded at any point where it is copied
into application responses. All HTML metacharacters, including &lt; &gt;
' and =, should be replaced with the corresponding HTML entities
(&amp;lt; &amp;gt; etc).</li></ul>
<p>In cases where the application's functionality allows users to
author content using a restricted subset of HTML tags and attributes
(for example, blog comments which allow limited formatting and
linking), it is necessary to parse the supplied HTML to validate that
it does not use any dangerous syntax; this is a non-trivial
task.</p>]]></remediationBackground>
<references><![CDATA[<ul><li><a 
href="https://support.portswigger.net/customer/portal/articles/1965737 
-Methodology_XSS.html">Using Burp to Find XSS 
issues</a></li></ul>]]></references> 
<vulnerabilityClassifications><![CDATA[<ul> 
<li><a href="https://cwe.mitre.org/data/definitions/79.html">CWE-79:
Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting')</a></li>
<li><a href="https://cwe.mitre.org/data/definitions/80.html">CWE-80:
Improper Neutralization of Script-Related HTML Tags in a Web Page
(Basic XSS)</a></li>
<li><a href="https://cwe.mitre.org/data/definitions/116.html">CWE-116:
Improper Encoding or Escaping of Output</a></li>
<li><a href="https://cwe.mitre.org/data/definitions/159.html">CWE-159:
Failure to Sanitize Special Element</a></li>
</ul>]]></vulnerabilityClassifications>
<issueDetail><![CDATA[The value of the URL path filename is copied
into the HTML document as plain text between tags. The payload
<b>bpi9f&lt;script&gt;alert(1)&lt;/script&gt;j4wjy</b> was submitted
in the URL path filename. This input was echoed unmodified in the 
application's response.<br><br>This proof-of-concept attack 
demonstrates that it is possible to inject arbitrary JavaScript into 
the application's response. ]]></issueDetail> 
<requestresponse> 


<request method="GET" base64="true"><![CDATA[(base64-encoded HTTP request omitted)]]></request>
<response base64="true"><![CDATA[(base64-encoded HTTP response omitted)]]></response>
<responseRedirected>false</responseRedirected> 
</requestresponse> 
</issue> 
<issue> 

<serialNumber>7919395047422736384</serialNumber> 

<type>5244416</type> 

<name><![CDATA[Cookie without HttpOnly flag set]]></name> 

<host ip="172.217.164.116">http://google-gruyere.appspot.com</host>

<path><![CDATA[/922324844025/saveprofile]]></path>

<location><![CDATA[/922324844025/saveprofile]]></location>

<severity>Information</severity> 

<confidence>Certain</confidence> 

<issueBackground><![CDATA[<p>If the HttpOnly attribute is set on a 
cookie, then the cookie's value cannot be read or set by client-side 
JavaScript. This measure makes certain client-side attacks, such as 
cross-site scripting, slightly harder to exploit by preventing them 
from trivially capturing the cookie's value via an injected 
script.</p>]]></issueBackground> 

<remediationBackground><![CDATA[<p>There is usually no good reason 
not to set the HttpOnly flag on all cookies. Unless you specifically 
require legitimate client-side scripts within your application to read 
or set a cookie's value, you should set the HttpOnly flag by including 
this attribute within the relevant Set-cookie directive.</p> 
<p>You should be aware that the restrictions imposed by the HttpOnly 
flag can potentially be circumvented in some circumstances, and that 
numerous other serious attacks can be delivered by client-side script 
injection, aside from simple cookie stealing. 
</p>]]></remediationBackground>

<references><![CDATA[<ul>
<li><a href="https://www.owasp.org/index.php/HttpOnly">Configuring
HttpOnly</a></li>
</ul>]]></references>
<vulnerabilityClassifications><![CDATA[<ul> 
<li><a href="https://cwe.mitre.org/data/definitions/16.html">CWE-16: 
Configuration</a></li> 
</ul>]]></vulnerabilityClassifications> 
<issueDetail><![CDATA[The following cookie was issued by the 
application and does not have the HttpOnly flag 
set:<ul><li>GRUYERE</li></ul>The cookie does not appear to contain a 
session token, which may reduce the risk associated with this issue. 
You should review the contents of the cookie to determine its 
function. ]]></issueDetail> 
<issueDetailItems>
<issueDetailItem><![CDATA[Other: GRUYERE]]></issueDetailItem>
</issueDetailItems>
<requestresponse> 
<request method="GET" base64="true"><![CDATA[(base64-encoded HTTP request omitted)]]></request>
<response base64="true"><![CDATA[(base64-encoded HTTP response omitted)]]></response>
<responseRedirected>false</responseRedirected> 
</requestresponse> 

</issue> 
</issues> 
</burpXml> 
</data> 
</ServiceRequest> 


XML response 
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/burp.xsd">

<responseCode>SUCCESS</responseCode> 


<count>1</count> 
<data> 
<Burp> 
<id>145201</id> 
<webApp> 
<id>1524084</id> 
<name> 
<! [CDATA[demoap15webapp | ]> 
</name> 
<url> 
<![CDATA[http://10.11.72.37]]> 
</ur1> 
</webApp> 


<issuesCount>3</issuesCount> 
<issues burpVersion="2.8.28beta" exportTime="Wed May 29 
13:45:42 UTC 2019"> 
<issue> 
<id>174201</id> 
<serialNumber>5018346890832155648</serialNumber> 
</issue> 
<issue> 
<id>174202</id> 
<serialNumber>5761124851012705280</serialNumber> 
</issue> 
<issue> 
<id>174203</id> 
<serialNumber>7919395047422736384</serialNumber> 
</issue> 
</issues> 
<fileName>testBurpReportImport</fileName> 
<errorRecords> 
<count>®</count> 
</errorRecords> 
</Burp> 
</data> 
</ServiceResponse> 
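
A client-side check of the import response shown above, as an added example (not Qualys code). It assumes that errorRecords/count is the number of records that failed to import; the sample XML is constructed from the response above, and check_burp_import and BurpImportError are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the Burp import response shown above.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
  <responseCode>SUCCESS</responseCode>
  <data><Burp>
    <id>145201</id>
    <issuesCount>3</issuesCount>
    <issues>
      <issue><id>174201</id><serialNumber>5018346890832155648</serialNumber></issue>
      <issue><id>174202</id><serialNumber>5761124851012705280</serialNumber></issue>
      <issue><id>174203</id><serialNumber>7919395047422736384</serialNumber></issue>
    </issues>
    <errorRecords><count>0</count></errorRecords>
  </Burp></data>
</ServiceResponse>"""


class BurpImportError(Exception):
    """The response cannot be trusted as a complete, clean import."""


def _count(node, path):
    # Fail closed: a missing or non-numeric counter is treated as an error.
    text = node.findtext(path)
    if text is None or not text.strip().isdigit():
        raise BurpImportError(f"{path}: missing or non-numeric")
    return int(text)


def check_burp_import(xml_text, expected_serials=()):
    # An API response has no reason to carry a DTD; refuse it before parsing
    # so entity-expansion payloads never reach the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise BurpImportError("DTD or entity declaration in response")
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        raise BurpImportError(f"malformed XML: {exc}") from exc
    if root.findtext("responseCode") != "SUCCESS":
        raise BurpImportError(f"responseCode={root.findtext('responseCode')!r}")
    burp = root.find("data/Burp")
    if burp is None:
        raise BurpImportError("no Burp record in response")
    serials = [i.findtext("serialNumber") for i in burp.findall("issues/issue")]
    if _count(burp, "issuesCount") != len(serials):
        raise BurpImportError("issuesCount does not match the issues listed")
    if _count(burp, "errorRecords/count"):  # assumed: records that failed to import
        raise BurpImportError("some records were rejected")
    missing = sorted(set(expected_serials) - set(serials))
    if missing:  # serial numbers from the uploaded report that were not acknowledged
        raise BurpImportError(f"not imported: {missing}")
    return {"import_id": burp.findtext("id"), "serials": serials}
```

Passing the serial numbers from the uploaded Burp report as expected_serials catches findings that were silently dropped during import.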


XSD 
<platform API server>/qps/xsd/3.0/was/burp.xsd 


Error Messages 


Sample Messages: Elements 


Sample messages for element errors are shown below 


Element Validation

Error Message: url: Invalid URL format (<value>).
Resolution: URL format must be as follows: http://<baseUrl>/rest/3.0/?parameters

Error Message: <scope>: Invalid value (<value>).
Resolution: Element must be set to one of these values: ALL, LIMIT, SUBDOMAIN or DOMAINS.

Error Message: domains: Element is required when scope is set to: DOMAINS.
Resolution: Specify the domains to include in the web application scope in the “domains” element.

Error Message: subDomain: Element is required when scope is set to: SUBDOMAIN.
Resolution: Specify the subdomains to include in the web application scope in the “subDomain” element.

Error Message: subDomain: Invalid domain name format (<value>).
Resolution: Use following format in the “subDomain” element: .my.domain.suffix (must start with a dot)

Error Message: useRobots: Invalid value (<value>).
Resolution: Element “userRobots” must be set to one of these values: IGNORE, ADD_PATHS, BLACKLIST.

Error Message: Url: Element is required
Resolution: Element “Url” is required.


Error Message: uris.<field>: Invalid URL format (<value>).
Resolution: For the uri.<field> sub element, specify a URL like http://domain.name/base/url/?parameters

Error Message: uris.<field>: Length of the field must not be greater than 2048 characters. (<value>).
Resolution: For the uri.<field> sub element, the maximum field length is 2048 characters.

Error Message: Domain: Element is required
Resolution: The domain element must be provided.

Error Message: Domain: Invalid host name format (<value>).
Resolution: Use following format for value in the “Domain” element: www.my.domain.example.

Error Message: Length of all domains cannot exceed 2048 characters.
Resolution: The list of all domains in the web application cannot exceed 2048 characters.

Error Message: Attribute.category: Element is required.
Resolution: The element Attribute.category is required.

Error Message: Attribute.category: Invalid value (<value>).
Resolution: Element Attribute.category must be set to one of these values: Business Function, Business Location, Business Description.

Error Message: Attribute.value: Element is required.
Resolution: Provide a value for the attribute in the Attribute.value element: function, location or description.

Error Message: The attribute length cannot be greater than 64 characters.
Resolution: The value for this attribute cannot exceed 64 characters.


Error Message: The attribute length cannot be greater than 2048 characters.
Resolution: The value for this attribute cannot exceed 2048 characters.

Error Message: <element>: Element must not be set.
Resolution: This element does not apply to this request.

Error Message: set: Element must contain at least one child.
Resolution: The set element requires at least one sub element.

Error Message: At least one of the following elements must be set: set, add, remove.
Resolution: This request requires at least one of these elements: set, add or remove.

Error Message: headers: Length of all headers cannot exceed 2048 characters.
Resolution: The values of all headers cannot exceed 2048 characters.

Error Message: At least one of the following elements must be set: set, add, remove.
Resolution: For an “update” request you must set at least one of these elements: set, add or remove.

Error Message: UrlEntry: Element is required.
Resolution: The element UrlEntry must be provided.

Error Message: UrlEntry: Invalid URL format (value).
Resolution: Specify a URL like http://domain.name/base/url/?parameters

Error Message: <parent>: Length of all [URLs, regular expressions] cannot exceed 2048 characters
Resolution: The list of entries for a given type shall not exceed 2048 characters.


Error Message: UrlEntry: Only regular expressions are accepted for this element.
Resolution: You must provide regular expressions for the element postDataBlackList.

Error Message: tags.<element>: Element must not be set.
Resolution: The tags element does not apply for this request

Error Message: tags.set: Element must contain at least one child.
Resolution: At least one sub element must be provided for the element tag.set.

Error Message: Tag.id: Element is required.
Resolution: Provide a value for the element Tag.id

Error Message: Tag.id: Invalid value (value).
Resolution: Value must be an integer set at least to 1.

Error Message: Tag: Tag specified by ID <id> does not exist or is not available.
Resolution: Provide a value for the element id that corresponds to a valid tag.


Sample Messages: Authorization 


Sample messages for errors related to authorization are shown below. 


Element Validation

Error Message: You are not authorized to access the application through the API.
Resolution: You must be granted the API Access permission in your roles and scopes.

Error Message: You do not have access to module Web Application Scanning required by this API.
Resolution: Please contact your account manager to have WAS enabled in your subscription.

Error Message: No data shall be passed for this operation.
Resolution: The POST request does not specify a data element.

Error Message: User is not authorized to perform this operation on specified object(s).
Resolution: You must be granted access to these objects in your user scope.

Error Message: Operation %s does not support search filters.
Resolution: Do not provide search filters for this operation

Error Message: Quota of web application has been exceeded.
Resolution: Please check with your account manager to purchase new applications.


Sample Messages: Criteria 


Sample messages for errors related to criteria are shown below. 


Element Validation

Error Message: Criteria: Field is required.
Resolution: Specify the name of the criteria to search against.

Error Message: Criteria: Invalid criteria (<field name>).
Resolution: Please search against one of the following criteria: %s.

Error Message: Criteria: Invalid operator for criteria '<field>' (<operator>).
Resolution: Allowed operations for this criteria are: %s.

Error Message: Criteria: Value is required for criteria '<field>'.
Resolution: Specify a value for a field name for search criteria.

Error Message: Criteria: Invalid value format for criteria '<field>': <value>.
Resolution:
Boolean (true, false).
Date and Time in UTC format
Enumeration (allowed options separated by comma).
Other: Specify criteria value(s) as <type>.


Sample Messages: Report Storage Limit 


Sample messages for errors related to report storage limit are shown below. 


Element Validation

Error Message: Your [subscription|user] storage limit of <NB> Mb has been reached.
Resolution: Delete existing reports and try again.


Available operators 


Operators supported by input parameters: 


Integer - EQUALS, NOT EQUALS, GREATER, LESSER, IN
Text - CONTAINS, EQUALS, NOT EQUALS
Date - EQUALS, NOT EQUALS, GREATER, LESSER
Keyword - EQUALS, NOT EQUALS, IN
Boolean (true/false) - EQUALS, NOT EQUALS


